[QILIN] – Ransomware Victim: upea[.]com

NOTE: No files or stolen information are exfiltrated, downloaded, taken, hosted, seen, reposted, or disclosed by RedPacket Security. Any legal issues relating to the content should be directed at the attackers, not RedPacket Security. This blog is an editorial notice informing that a company has fallen victim to a ransomware attack. RedPacket Security is not affiliated with any ransomware threat actors or groups and will not host infringing content. The information on this page is automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.

Ransomware group: QILIN
Victim name: UPEA[.]COM

AI Generated Summary of the Ransomware Leak Page

On 2025-10-29 13:54:09.764372, a ransomware leak post pertaining to the victim domain upea.com appeared on a public leak site and is attributed to the threat actor group qilin. The page references the victim’s sector as civil engineering construction in its body text, even though the metadata labels the industry field as Not Found. The post presents this as a data-leak event and includes a defanged link to a ransom/claims page, consistent with double-extortion tactics. There is no explicit ransom amount stated within the visible content, and no separate compromise date is provided in the available data—the timestamp should be treated as the post date.

The leak page features eight image attachments, described as screenshots or internal-document visuals used to illustrate the breach. The content of these images is not detailed in the post, and there are no direct data downloads associated with the page (the downloads_present flag is false). In sum, the page relies on visual evidence to suggest exfiltration or breach activity, rather than presenting a readable data dump or encryption status within the text.

Metadata confirms the victim as upea.com and attributes the post to the qilin group. The page’s text references civil engineering construction as the sector, while the official industry field remains Not Found. The post date remains 2025-10-29 13:54:09.764372, with no explicit compromise date listed. The inclusion of a defanged ransom/claims link aligns with ransomware operators’ data-leak extortion approach, signaling an intent to pressure for payment or data release through publicly accessible exposure.
