[QILIN] – Ransomware Victim: Distribuciones Camba

AI Generated Summary of the Ransomware Leak Page

On October 19, 2025, a ransomware leak post associated with the threat group qilin publicly identifies Distribuciones Camba, a Galicia-based wholesale distributor of snacks and candies serving the hospitality sector, as a victim. The page describes Distribuciones Camba as operating across Galicia with its own delivery vans and supplying a diverse range of confectionery and snack items. The post frames the incident as a data-exfiltration event rather than a pure encryption event and claims that attackers have exfiltrated data from Distribuciones Camba’s network. A claim URL is included on the leak page, signaling that stolen data may be released publicly or offered for sale as part of a double-extortion tactic. The post does not provide a separate compromise date beyond the post date, and no ransom amount is disclosed in the visible content.

Visual content on the leak page comprises three screenshots of what appear to be internal materials. The images are presented as attachments hosted on attacker-controlled infrastructure, with the actual URLs defanged in this report and not displayed. The page lists a redacted contact method (email) and an FTP drop for the attackers, though these details are redacted in this sanitized summary. At the time of posting, there are no downloadable data assets available, and the size of the exfiltrated data is described as unknown, with a note that more information may be released later. Taken together, the leak post confirms a ransomware-related data-leak incident involving Distribuciones Camba and signals the potential public release of stolen data if extortion demands are not met.