[QILIN] – Ransomware Victim: Maine Course Hospitality Group
NOTE: No files or stolen information are exfiltrated, downloaded, taken, hosted, seen, reposted, or disclosed by RedPacket Security. Any legal issues relating to the content should be directed at the attackers, not RedPacket Security. This blog is an editorial notice informing that a company has fallen victim to a ransomware attack. RedPacket Security is not affiliated with any ransomware threat actors or groups and will not host infringing content. The information on this page is automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.
AI Generated Summary of the Ransomware Leak Page
On November 5, 2025, the leak page publicly identifies the victim as Maine Course Hospitality Group, a United States–based hospitality organization. The post follows a standard ransomware leak pattern by foregrounding the victim’s name, embedding references to the hospitality sector in the text, and attributing the entry to the threat actor group “qilin.” A hash-like token labeled TOX appears in the body excerpt (7C35408411AEEBD53CDBCEBAB167D7B22F1E66614E89DFCB62EE835416F60E1BCD6995152B68), which likely serves as an internal identifier associated with the leak. The page notes that a claim URL is present, implying additional details or negotiation steps may be accessible via a linked resource, though the actual URL is not displayed in the provided data. There is no explicit compromise date listed; the date provided is the post date. The metadata does not populate an industry field, but the content repeatedly references “Hospitality,” which aligns with the victim’s name. No downloadable data is indicated on the page beyond the post itself.
The leak page includes three image attachments, described in the metadata as three screenshots or visuals. These images are hosted on an onion network and are not described in detail within the excerpt. Their presence suggests a visual sample accompanies the post, though the exact contents are not disclosed here. No direct downloads are indicated and no ransom figure is stated in the provided data. Other company names do not appear in the textual content beyond the victim’s name, and no PII such as emails, phone numbers, or addresses are shown in the excerpt. The post date remains November 5, 2025, serving as the publication date for the incident, with no separate compromise date available in the record. Overall, the page follows a typical ransomware-leak structure that alludes to data exfiltration and public release rather than detailing encryption activity or a specific monetary demand.
Support Our Work
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on Patreon or Buy Me A Coffee using the buttons below.
