Ransomware Group: QILIN

VICTIM NAME: haydist[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware group has publicly disclosed a leak page associated with the victim website, which is identified as haydist.com, a distribution company serving outdoor power equipment and related industries. The group, identified as “qilin,” has announced that all data belonging to this company will be available for download starting June 26, 2025. The disclosure date of this leak is June 12, 2025, indicating the attack activity was detected on that date. The leak page includes a screenshot of the victim’s data, which appears to contain internal files or documents, although no specific details are provided in this report. The data exposure suggests a potential compromise of business-critical information, which could impact operations and client confidentiality.

The group has provided a claim URL accessible through the dark web, where interested parties may view the leaked contents once they are made public. The leak indicates that the group may hold additional sensitive data and is prepared to release it unless demands are met. There is no information about the attack vector or specific vulnerabilities exploited in this incident. Given the nature of the leak, it is advisable for the victim company to review their security measures and prepare for containment and remediation. No evidence of personally identifiable information or employee data being compromised has been noted in the current details. The incident highlights the ongoing threat of ransomware operators targeting industrial and distribution sectors.