[QILIN] – Ransomware Victim: Anderson-Moore Construction

AI Generated Summary of the Ransomware Leak Page

On October 30, 2025, a ransomware leak post is associated with Anderson-Moore Construction, a US-based company in the Construction sector. The post is attributed to the threat group qilin and appears as a breach notification typical of ransom-leak communications. The available data does not clearly label the impact as either Encrypted or Data leak, nor does it list a ransom amount; the date provided is treated as the post date in the absence of a separate compromise date. A defanged claim URL is present on the page, indicating the attackers offer a link for additional details or instructions. The page includes three embedded images, described in the dataset but without detailed captions.

The leak page contains three image assets intended to corroborate the claim, though their contents are not described in the provided data. The images are referenced as being hosted on a non-public onion domain, suggesting access is restricted to specific networks. No downloadable files or other linked content are listed in the record. The body excerpt includes a line labeled TOX followed by a long hexadecimal string, which appears to function as an internal token or identifier associated with the post. While a claim URL is present, there is no explicit ransom figure or encryption detail provided within the available fields.