[QILIN] – Ransomware Victim: Tri City Foods

AI Generated Summary of the Ransomware Leak Page

Tri City Foods, a Downers Grove, Illinois-based Burger King franchisee operating in the Chicago area, is identified as a victim in a ransomware leak post published on October 21, 2025. The post, attributed to threat group qilin, frames the incident as a data-leak event rather than a purely encrypted breach and indicates that a group of related companies was targeted along with Tri City Foods. A defanged claim URL is provided as part of the post to substantiate the exfiltration claim, and the narrative suggests that data from Tri City Foods and associated entities was stolen and could be released or made available for download. No ransom amount is disclosed in the visible excerpt, and the metadata’s income_or_ransom field is empty. Since no explicit compromise date is given, the post date is treated as the event’s date for reporting purposes, which aligns with a typical data-leak narrative in ransomware campaigns.

The leak page includes three images, described here only as screenshots or visual artifacts related to the attack, without detailing their specific content. The page also notes that a full list of attacked companies and their data will be published in four days, signaling a broader scope beyond Tri City Foods itself. PII such as emails or addresses is redacted in this summary, while an official contact method and an FTP data-access reference appear in the source material but are not disclosed here. Tri City Foods is presented within a broader multi-victim framework, underscoring the ongoing risk to restaurant franchise networks from ransomware operators. There is no explicit encryption status or ransom demand shown in the public portion of the post, reinforcing the data-leak emphasis of this incident.