[QILIN] – Ransomware Victim: Habib Bank
![[QILIN] - Ransomware Victim: Habib Bank 1 image](https://www.redpacketsecurity.com/wp-content/uploads/2024/09/image.png)
NOTE: No files or stolen information are exfiltrated, downloaded, taken, hosted, seen, reposted, or disclosed by RedPacket Security. Any legal issues relating to the content should be directed at the attackers, not RedPacket Security. This blog is an editorial notice informing that a company has fallen victim to a ransomware attack. RedPacket Security is not affiliated with any ransomware threat actors or groups and will not host infringing content. The information on this page is automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.
AI Generated Summary of the Ransomware Leak Page
On November 5, 2025, Habib Bank, a Pakistani financial services institution, was named as a victim in a ransomware leak post attributed to the threat actor group “qilin.” The page frames the incident as a data leak rather than a traditional encryption event and presents evidence in the form of 34 image thumbnails showing internal documents. The post timestamp is 2025-11-05 07:21:29.771757, and there is no explicit compromise date listed on the leak page; the post date is used for reference. The leaked content is identified by a TOX hash and a corresponding key label included in the body excerpt and metadata, and a claim URL is indicated. The post does not disclose a ransom amount, nor are there any downloadable payloads or external links beyond the claim URL. Habib Bank is identified in the Financial Services sector and located in Pakistan.
Evidence on the leak page comprises 34 image thumbnails that appear to be internal documents (likely scans or screenshots) intended to illustrate the data exfiltration claim. The images are hosted on non-public hosting (onion-like) and presented as thumbnails, with no accompanying descriptions of their contents in the excerpt. There are no listed downloads or additional links beyond the claim URL; no compromise window or data size is provided. The absence of explicit encryption status or ransom details is typical of many ransomware leak posts, which emphasize the existence of a data leak rather than the technical specifics, while leaving the door open for follow-up disclosures through the included claim URL.
