Ransomware Group: QILIN

VICTIM NAME: farma

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The leak page pertains to a healthcare sector entity, Farmacias Del Pueblo, which operates in the drug retail industry. The breach was discovered on April 18, 2025, and the attack occurred on the same day. The company is based in Neuquen, Argentina, and has between 250 and 499 employees, with revenues estimated between 10 million and 25 million USD. The publicly accessible portal provides an overview of the situation without revealing specific sensitive or PII data. The site includes a screenshot of internal documents or web interface, indicating that the attackers may have accessed some internal data.

The attack appears to have resulted in data leaks, with potential exposure of confidential information related to the company’s operations. Although specific compromised files or data types are not detailed in the available information, the leak page suggests the presence of data that could impair the company’s confidentiality and business operations. The breach is associated with the group named “qilin,” which is known to target organizations in various sectors. There are no indications that personally identifiable information of customers or staff has been publicly disclosed. The attacker likely gained access through a security vulnerability, leading to the publication of internal materials on the dark web.

The leak includes a screenshot potentially showing internal documents or admin interface, which could be used for further malicious activities or attribution.