Ransomware Group: QILIN

VICTIM NAME: Clifford Paper Inc

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

Clifford Paper Inc., a United States-based manufacturing firm with a long family-owned heritage in the forest products sector (established 1985), is identified as the victim in a ransomware leak post attributed to the group “qilin.” The post claims the company was compromised and that a substantial archive of internal data has been exfiltrated. It presents this as a data-leak incident, stating that confidential materials—including all financial statements, budgets, and bank balances—along with personal data belonging to hundreds of partners and company executives, have been accessed. The leak page is dated October 6, 2025, which serves as the post date. A claim URL is indicated as present on the page, though no ransom amount is disclosed in the excerpt. The narrative emphasizes Clifford Paper’s role in the forest products industry and notes relationships with paper manufacturers across North America, Europe, and Asia.

The post conveys that the attackers claim to have exfiltrated a large archive of internal data, consistent with a data-leak scenario rather than a pure encryption event. The documentation suggests a potential impact across the company and its supply chain, given the breadth of financial records and personal data described. The post also indicates the presence of 23 accompanying images or screenshots, which are described as internal documents and related visuals, though their exact contents are not detailed in the excerpt. Personal data and credentials referenced in the metadata are redacted in the published excerpt (for example, contact and FTP credentials shown in the metadata are masked), and no direct ransom figure is provided in the visible text. Overall, the leak page presents Clifford Paper Inc as a mid-sized manufacturing victim facing significant exposure of financial and partner/executive information.