Ransomware Group: QILIN

VICTIM NAME: exhibits-intl[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to a company operating within the business services sector, specifically involved in creating experiences for museums, visitor centers, and exhibitions. The victim’s website, exhibits-intl.com, is based in the United States and was founded in 1961, highlighting its long-standing presence in the industry. The data breach was discovered on July 1, 2025, and the attack date is indicated as June 29, 2025. The breach appears to involve data exfiltration, with the leak page acting as a platform to share compromised information and potentially demanding ransom. Although no specifics about the content leaked are provided, the site indicates the availability of download links or leaked files related to the victim’s operations.

The leak page features a screenshot placeholder and a unique URL linking to further details, suggesting that sensitive internal information, possibly including business data or operational details, has been exposed. The victim’s description reveals their expertise in fabrication, exhibit design, and interactive production, emphasizing their role in creating engaging experiences. The attack’s details are limited, but the presence of a dedicated claim URL on a dark web onion site indicates ongoing negotiations or ransom demands. No personal or PII data of individual employees or third parties is mentioned, and the leak appears primarily to target organizational or operational information related to the company’s activities and industry.