[QILIN] – Ransomware Victim: Magna Hospitality Group
NOTE: No files or stolen information are exfiltrated, downloaded, taken, hosted, seen, reposted, or disclosed by RedPacket Security. Any legal issues relating to the content should be directed at the attackers, not RedPacket Security. This blog is an editorial notice informing that a company has fallen victim to a ransomware attack. RedPacket Security is not affiliated with any ransomware threat actors or groups and will not host infringing content. The information on this page is automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.
AI Generated Summary of the Ransomware Leak Page
On October 22, 2025, Magna Hospitality Group, a USA-based private equity firm focused on the investment, development, and management of hotel properties, is named as a victim in a ransomware leak post attributed to a group identified as qilin. The leak page describes Magna as employing more than 100 professionals across functions such as investment, finance, legal, hotel operations, sales and marketing, accounting, human resources, engineering, interior design, and construction. It asserts Magna has the right to own and/or operate major national hotel brands and notes a portfolio valued at over $5 billion in hotel properties under management and development. The attackers claim Magna suffered a data leak that will seriously damage its reputation, reporting that financial data (budgets, contracts, and profit reports), personal data on employees and partners, and numerous internal reports on workplace violations have been made publicly available and that all of Magna’s data is available for download. The post provides a TOX hash and an FTP data-share address (login credentials are redacted). Additionally, the leak page includes a gallery of 19 screenshots or images hosted on onion services, described only in general terms.
The post indicates there is no separate compromise date provided beyond the post date of October 22, 2025; the content frames this as a data-leak scenario rather than encryption of systems. There is no explicit ransom figure mentioned in the excerpt, with emphasis instead on data exfiltration and public availability of the material. The page presents 19 image assets that appear to depict internal documents or related visuals, though their contents are not described in detail. The imagery is hosted on onion services, and the leak page does not provide external links. PII such as emails and physical addresses are redacted in the available excerpts, while the overall message highlights a substantial breach affecting Magna Hospitality Group’s data and confidentiality. The leak is attributed to the actor group qilin, enabling CTI tracking of this operator’s activity across incidents.
Support Our Work
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on Patreon or Buy Me A Coffee using the buttons below.
