[QILIN] – Ransomware Victim: City of Riviera Beach, Florida
NOTE: No files or stolen information are exfiltrated, downloaded, taken, hosted, seen, reposted, or disclosed by RedPacket Security. Any legal issues relating to the content should be directed at the attackers, not RedPacket Security. This blog is an editorial notice informing that a company has fallen victim to a ransomware attack. RedPacket Security is not affiliated with any ransomware threat actors or groups and will not host infringing content. The information on this page is automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.
AI Generated Summary of the Ransomware Leak Page
On October 14, 2025, a leak post attributed to the Qilin ransomware group identifies the City of Riviera Beach, Florida as a victim. The city is categorized in the Public Sector and is located in the United States. The post date serves as the primary timeline for the incident, and there is no explicit compromise date provided in the available excerpt. The post frames the event as a data-leak scenario rather than a simple encryption, noting that a claim URL is present and that a download of data was not available at the time of posting. The page states that the amount of downloaded data is unknown and that additional details will be added later; no ransom amount is disclosed in the visible portion of the post.
The leak page includes three image attachments, presented as screenshots or visual evidence, though their contents are not described in this summary. The images are hosted on onion addresses, defanged here for safety, and no direct image content is provided in this summary. The page also lists attacker-provided channels such as a redacted Jabber contact and a defanged FTP login for a data-share, with the actual credentials not disclosed in the compromised content. In addition, the excerpt reproduces the city’s own accessibility notice, indicating residents can report non-emergency issues via the online portal or the GoRiviera mobile app; a public phone number is shown in the excerpt but has been redacted for privacy. A claim URL is indicated on the page, signaling the attackers’ intent to publicize or monetize the incident.
Overall, the post centers on the City of Riviera Beach, Florida and ties the incident to the Qilin group. The post date is October 14, 2025, and there is no explicit compromise date stated in the excerpt. There is no ransom figure provided in the publicly visible portion of the page, and no data downloads are accessible at present. The combination of three images, a claim URL, and attacker-provided contact and data-access channels on a page that also echoes the city’s public-facing content is indicative of a ransomware-linked data-leak post targeting this municipal entity.
Support Our Work
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on Patreon or Buy Me A Coffee using the buttons below.
