[QILIN] – Ransomware Victim: KIS Asset Evaluation

AI Generated Summary of the Ransomware Leak Page

On October 22, 2025, KIS Asset Evaluation, described on the leak page as a Korea-based financial services firm focused on asset valuation, was identified as a ransomware victim. The post presents this as a data-leak event rather than a purely encrypted intrusion and claims that sensitive internal data has been exfiltrated. A ransom-claim link is indicated on the leak page, suggesting a potential double-extortion scenario, but no ransom amount is disclosed in the available data. The page date is the post date, with no explicit compromise date provided beyond that timestamp.

The leak page includes three images that accompany the post, described in the metadata as screenshots or visuals likely of internal documents or related assets. The exact contents of these images are not detailed in the summary. The body excerpt contains a server error message and an FTP-style data-exchange line referencing a datashare endpoint; in the sanitized data, passwords or credentials are redacted. These elements are typical of leak-site content aimed at illustrating access and exfiltration, though the dataset does not specify the precise scope of stolen data or any encryption details, and no ransom figure is provided.

Geographically, the leak text identifies KIS Asset Evaluation as a Korea-based organization, whereas the API metadata lists the victim as located in the United States, highlighting a cross-check discrepancy that warrants corroboration from additional sources. The post notes the presence of three illustrative images and a claim URL but stops short of detailing the data types involved or a monetary demand. Taken together, the information points to a data-leak ransomware scenario for a financial services entity, with the exact scope, data categories affected, and any demand remaining unconfirmed in the provided data.