[QILIN] – Ransomware Victim: dalton[.]com

AI Generated Summary of the Ransomware Leak Page

On October 16, 2025, a ransomware leak page attributed to the threat group qilin identified the victim as dalton[.]com. The post presents the intrusion as a data-leak event rather than a conventional encryption breach and asserts that sensitive internal documents were exfiltrated and may be disclosed. The victim is described as a contract pharmaceutical services firm founded in 1986, and the page highlights a set of internal documents that the attackers claim were stolen. The leak page includes eight image attachments described as screenshots of internal materials, and it notes the presence of a claim URL, suggesting the attackers intend to verify or monetize the theft via the leak site.

From the described items, the leaked materials appear to span internal records such as financial statements, an employment offer, a service agreement, a laboratory report, and a business account statement. Personal data within these items—such as emails and dates of birth—are referenced in the excerpt but have been redacted in this summary to protect privacy. The post does not disclose a ransom amount; instead, it signals the attackers’ intent to publish or monetize the stolen data via the claim URL. The post is dated 2025-10-16, which is treated here as the post date since no compromise date is provided. The eight image attachments are hosted on an onion-domain server, and specific image contents are not described here.