Ransomware Group: QILIN

VICTIM NAME: Roger RENARD Entreprise

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

On October 14, 2025, a ransomware leak post references the victim Roger RENARD Entreprise, a French family business established in 1951 in Amélie-les-Bains (66). The company specializes in air conditioning, heating, air handling, smoke extraction, plumbing, water treatment, and thermal process installations, serving commercial and industrial clients nationwide. The post frames the incident as a data-leak event and asserts that data was exfiltrated from the victim’s network; however, the volume or scope of stolen data is not disclosed in the excerpt. No explicit compromise date is provided beyond the post date, and there is no clear statement about encryption or operational downtime in the material shown, which aligns with a data-theft-focused ransomware outline rather than a traditional encryption-only scenario.

The leak page indicates that the attackers claim to have exfiltrated data, but the exact amount remains unknown at the moment and is to be updated later. The post includes visual evidence in the form of three screenshots or images, described in metadata as internal documents or data previews, though the exact content of these images is not detailed in the excerpt. The page also features contact indicators typically used for negotiation or information in such posts, including a Jabber handle that is shown as redacted and a TOX identifier; there is mention of an FTP link with credentials, though those details are not disclosed in the public copy. The presence of these artifacts is consistent with standard ransomware leak posts that preview stolen material and provide contact channels without exposing sensitive data directly in the public summary.

In terms of the victim profile, the page centers on Roger RENARD Entreprise, a French family enterprise operating in Amélie-les-Bains and described as a nationwide provider in installation services for HVAC, air handling, smoke extraction, plumbing, water treatment, and thermal processes for both public and private sector projects. The leak post carries the post date of October 14, 2025; no separate compromise date is provided. The entry notes that no ransom figure is listed in the excerpt, and there is no explicit statement about encryption beyond the data-leak claim. Images accompanying the post amount to three visual artifacts, and the excerpt includes redacted or obfuscated contact data to protect privacy while signaling the typical exfiltration-and-negotiation pattern observed in contemporary ransomware disclosures.