[QILIN] – Ransomware Victim: Lorber, Greenfield & Polito, LLP


NOTE: No files or stolen information are exfiltrated, downloaded, taken, hosted, seen, reposted, or disclosed by RedPacket Security. Any legal issues relating to the content should be directed at the attackers, not RedPacket Security. This blog is an editorial notice informing that a company has fallen victim to a ransomware attack. RedPacket Security is not affiliated with any ransomware threat actors or groups and will not host infringing content. The information on this page is automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.

Ransomware group: QILIN
Victim name: LORBER, GREENFIELD & POLITO, LLP

AI Generated Summary of the Ransomware Leak Page

On October 28, 2025, Lorber, Greenfield & Polito, LLP—a United States–based law firm operating in the Business Services sector—was identified as a ransomware leak victim on a public post. The page lists the victim by name and industry, framing the event as a data-exfiltration incident typical of modern double-extortion campaigns. A unique identifier labeled TOX is present, and the post references an FTP data-share with credentials redacted in the visible excerpt, shown defanged as ftp://datashare:[REDACTED]@64[.]176[.]162[.]76. The entry also notes the existence of three images associated with the post and indicates that a claim URL is available for additional information. The post date, marked as the key_date, is October 28, 2025; the excerpt does not provide a separate compromise date.

The provided excerpt does not disclose an explicit ransom amount. However, the combination of a data-share FTP link and a TOX identifier aligns with the exfiltration-and-publication pattern seen in many ransomware operations. The page includes three visual assets (likely screenshots or graphics), though their exact content is not described in the excerpt. No direct download of files is evidenced in the visible data, but the presence of the FTP data-share implies potential access to stolen information. The focus of this CTI summary remains the victim name—Lorber, Greenfield & Polito, LLP—with other names from the leak page considered contextual. Given the available information, the post date serves as the primary timestamp for the incident since no separate compromise date is provided.
