[QILIN] – Ransomware Victim: Habib Bank AG Zurich

AI Generated Summary of the Ransomware Leak Page

Habib Bank AG Zurich, a Swiss financial services institution, is identified as the victim on a ransomware leak post attributed to the threat actor group Qilin. The leak page presents the incident as a data-exfiltration event and includes a claim URL indicating a ransom/claim page. The post is dated 2025-11-05 10:20:02.345529; since no separate compromise date is provided, this timestamp is treated as the post date. The page lists Habib Bank AG Zurich’s industry as Financial Services and the country as CH. It features 34 image assets described as screenshots that appear to be internal documents or related materials, though the exact contents are not described in the excerpt. The body excerpt includes a label “TOX” with a long hash, which is part of the post’s metadata. No explicit ransom figure is disclosed in the visible excerpt.

From a threat-actor perspective, the leak’s presentation—34 image attachments likely depicting internal documents—along with a claim URL and the absence of a visible public data download, aligns with common double-extortion tactics used against financial services targets. The 34 images are hosted on onion service addresses, indicating dark-web hosting for the leaked materials. The post does not reveal a fixed ransom amount in the excerpt, and there is no separate compromise date shown beyond the post date. This event underscores the ongoing risk to the Swiss financial sector from ransomware groups and illustrates how leak pages use visual evidence to pressure victims while signaling potential data exposure.