Ransomware Group: QILIN

VICTIM NAME: logan[.]edu

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware group has targeted Logan University, a private institution specializing in chiropractic and health sciences located in Chesterfield, Missouri. The leak page indicates that all data belonging to the university will be made available for download on June 13, 2025. The attack was discovered on May 29, 2025, and the breach appears to involve sensitive institutional information, though specific details have not been disclosed publicly. The group responsible is identified as part of the “qilin” collective, with no indication of additional encrypting tools or info-stealers involved. The leak page features a screenshot showcasing internal documents or data structures, hinting at the seriousness of the breach.

Despite the absence of detailed PII in the publicly available summary, the leak threatens to expose university records and other institutional data. The compromised data will be accessible for download starting mid-June 2025, potentially impacting students, staff, and administrative operations. The threat actor’s communications and the leak page itself are non-explicit, providing only general information about the attack’s timeline and the targeted institution. No additional links or download options are available at this moment, but the university’s public website remains operational. The attack highlights vulnerabilities in the education sector and emphasizes the importance of cybersecurity measures to protect sensitive data.