[QILIN] – Ransomware Victim: Sprague & Jackson

AI Generated Summary of the Ransomware Leak Page

On October 15, 2025, a ransomware leak post attributed to the group qilin concerns Sprague & Jackson, a United States–based tax services firm. The page describes Sprague & Jackson as offering secure document submission and payment options, with client service provided through scheduled meetings and a staff described as enrolled agents and associates delivering professional tax guidance. The post frames the incident as a data-leak event rather than encryption and includes a claim URL. The leak page contains 14 image attachments that appear to be internal documents or data, though their exact contents are not detailed in the metadata. The publication date is listed as the post date; there is no explicit compromise date provided beyond this.

The body excerpt notes additional artifacts, including a jabber contact (redacted) and an FTP URL containing credentials, both of which are redacted in terms of sensitive details. The presence of such elements is characteristic of ransomware leak posts that showcase access and provide means to review leaked data, even though the exact values are not disclosed here. The page suggests the 14 accompanying images are likely screenshots of internal material, but the specific contents are not described. No downloadable content or ransom figure is explicitly shown in the visible excerpt. Overall, the post highlights ongoing risk to professional services firms handling financial information and aligns with a data-leak model rather than a traditional encryption event.