Ransomware Group: QILIN

VICTIM NAME: insoca[.]es

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

insoca[.]es is described as a family-owned business with a high level of technology in the corrugated cardboard sector. The leak page attributes the incident to the ransomware group qilin and frames the event as a data-leak rather than a pure encryption breach. The post date is August 20, 2025, which serves as the post date since no separate compromise date is provided in the excerpt. The page centers on insoca[.]es, with other company names appearing in the text but not the focus of this summary. The presentation aligns with typical ransomware leak postings that publicly signal data exfiltration and victim status.

The posted material enumerates a range of internal documents and data items to illustrate the breadth of what may have been accessed. The items referenced include a June 2025 gas bill from a supplier to a packaging company, the Corporate Equality Plan 2022–2025 associated with the same business group (INSOCA brand) containing internal personnel statistics and salary information, and a work report on the audit and maintenance of compressor rooms prepared by a contractor, which includes client and contractor contact details and bank details, as well as order numbers, dates, and employee names alongside technical maintenance details. Additional documents include a 2020 balance sheet for a separate entity in the group and approved process flow diagrams from the company’s HACCP system. Eight images accompany the post, described generally as screenshots or thumbnails of internal documents. The leakage text also references internal contact points and banking data within the files, with some fields redacted or obfuscated. The post does not disclose a ransom amount in the available excerpt, focusing instead on exposing the listed documents to demonstrate access.