[QILIN] – Ransomware Victim: Khatami Law
NOTE: No files or stolen information are exfiltrated, downloaded, taken, hosted, seen, reposted, or disclosed by RedPacket Security. Any legal issues relating to the content should be directed at the attackers, not RedPacket Security. This blog is an editorial notice informing that a company has fallen victim to a ransomware attack. RedPacket Security is not affiliated with any ransomware threat actors or groups and will not host infringing content. The information on this page is automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.
AI Generated Summary of the Ransomware Leak Page
On October 19, 2025, a leak page associated with the Qilin ransomware group identifies Khatami Law, a United States–based law firm, as a victim. The post frames the incident as a data-leak event driven by exfiltration rather than a pure encryption attack, aligning with the double-extortion pattern seen in contemporary ransomware campaigns. The attackers claim to have stolen internal data and threaten public release or sale of the material, though no ransom amount is shown in the publicly visible excerpt. The post date is listed on the page, the metadata notes the victim’s country as the United States, and the industry field is not provided. The page attributes the attack to the group Qilin.
The leak page includes three screenshots, described on the page as images, which appear to depict internal documents or records. The images are hosted on a Tor onion service. The visible text references contact channels and verification identifiers used by the attackers (an apparently redacted Jabber address and a TOX hash), along with a line that resembles an FTP login with redacted credentials; these elements are kept redacted to protect privacy. A claim URL is indicated as present, though the actual link is not shown in this summary. The excerpt does not disclose any ransom demand or specific data types purportedly compromised.