Ransomware Group: QILIN

VICTIM NAME: BCR Recouvrement

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

On October 4, 2025, a ransomware leak post attributed to the group qilin claimed to have compromised BCR Recouvrement, a debt-collection and credit-management firm based in Lyon, France, operating in the Financial Services sector. The post portrays the incident as a data-leak event rather than a traditional encryption of systems and does not publish any ransom amount or explicit demand. Given the information available, the date provided on the leak page is treated as the post date, with no separate compromise date indicated. The narrative centers on the victim name, while other entities mentioned in the surrounding text are not the focus of this CTI summary.

The leak page contains 21 image attachments that appear to be screenshots of internal documents or related material intended to substantiate the attackers’ claims. There are no downloads or external links listed on the page. The page references a Lyon, France address, but street-level details are redacted. Attacker contact channels and credentials appear in the public copy but are redacted for privacy. Media assets are described as hosted via onion-network infrastructure, consistent with darknet leak publications. The content centers on BCR Recouvrement’s role in debt collection and credit management and frames the incident as a data-exfiltration event affecting a financial services provider in France. No ransom figure is disclosed on the page.

From a threat-intelligence perspective, the leak aligns with common ransomware patterns: public claims of data exfiltration supplemented by image-based evidence, and a post date anchoring the publication. The absence of an encryption impact or explicit ransom demand on the leak page suggests the focus is on potential data exposure rather than immediate system encryption. Security teams should monitor for additional updates from the same actor group and assess exposure risk to BCR Recouvrement’s clients and partners within the French financial services sector, given the disclosed documents and images accompanying the post.