[QILIN] – Ransomware Victim: KHL Printing


NOTE: No files or stolen information are exfiltrated, downloaded, taken, hosted, seen, reposted, or disclosed by RedPacket Security. Any legal issues relating to the content should be directed at the attackers, not RedPacket Security. This blog is an editorial notice informing that a company has fallen victim to a ransomware attack. RedPacket Security is not affiliated with any ransomware threat actors or groups and will not host infringing content. The information on this page is automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.

Ransomware group: QILIN
Victim name: KHL PRINTING

AI Generated Summary of the Ransomware Leak Page

On October 22, 2025, a leak post identifies KHL Printing, a Singapore-based manufacturing company described as one of Southeast Asia’s largest printing services providers, as a ransomware victim. The page portrays KHL Printing as offering end-to-end print production and related platform services, with the organization described as employing over 1,000 people across six production sites in two countries and generating an annual turnover of approximately S$200 million. The post frames the incident as a data-leak event rather than a traditional encryption incident, stating that internal company data — much of it confidential and personal information — has been exfiltrated and is being prepared for publication. No ransom amount is disclosed on the page, and there is no explicit encryption figure provided, underscoring a focus on data exposure rather than encryption-only impact.

The leak page includes a gallery of 15 image thumbnails, which appear to be internal documents or related materials. The exact contents of the images are not described on the page, but their presence suggests visual evidence accompanies the claim of data exfiltration. A data token labeled TOX and a reference to a data link for a file-transfer resource are visible in the excerpt, along with a defanged FTP-related note indicating a data repository exists. The page also signals that a claim URL is available for those seeking to engage with the leak actors. Taken together, these elements reflect a data-leak/extortion posture typical of modern ransomware operations, with the attackers promising publication of stolen data while withholding any specific ransom amount from public view.
