Ransomware Group: QILIN

VICTIM NAME: eli

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page originates from a victim identified as “eli” and is associated with a domain related to a restaurant website in Germany. The attack was publicly disclosed on May 29, 2025, with an estimated attack date also recorded as May 29, 2025. The host domain describes an establishment offering Italian cuisine at Frankfurt Airport, featuring descriptions of its culinary offerings, including salads, soups, meats, and fish, emphasizing its inviting atmosphere. The leak page includes a screenshot displaying internal information, suggesting data exposure or a breach related to the victim’s online presence or associated systems, though specific sensitive details are not disclosed publicly. This incident appears to involve a group named “qilin,” but no evidence of data theft or specific malicious activity is detailed beyond the leak announcement.

The page contains a claim URL hosted on a dark web onion site, indicating that the perpetrators have made certain information available through a secure, hidden network. The leak may include internal documents, but explicit content or details about compromised data are not publicly accessible through the provided information. The attack’s precise nature, such as whether it involved data theft, encryption, or ransomware deployment, has not been specified. The presence of a publicly visible screenshot suggests the attacker aims to demonstrate their access or the breach, potentially as part of a threat or extortion campaign. Overall, this incident highlights the ongoing risks faced by online and physical businesses, especially those with significant customer interactions like restaurants or hospitality services in high-traffic locations.