Ransomware Group: QILIN

VICTIM NAME: McCracken Financial Solutions

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak pertains to McCracken Financial Solutions, a company operating within the financial services industry in the United States. The attack was discovered on June 12, 2025, and involves the unauthorized release of sensitive information related to their business activities. The company specializes in commercial loan servicing software designed to automate the entire loan lifecycle, including origination, servicing, accounting, and asset management, indicating a focus on streamlining complex financial operations. The leak page includes a screenshot depicting internal data or documents, which suggests that confidential information may have been compromised. Additionally, potential data leaks or stolen files are implied, though specific details are not provided publicly. The incident is associated with a threat group known as “qilin,” indicating a targeted and organized attack effort.

The compromised data appears to include various internal records or documents related to the company’s software and operations. The leak’s publication provides a claim URL and visual evidence of the breach, potentially exposing sensitive business information. No personally identifiable information (PII) or specific customer data is publicly detailed, maintaining an emphasis on overall organizational impact rather than individual privacy breaches. The incident’s timing and public disclosure suggest a deliberate act aimed at financial and operational disruption. The leak page includes images such as screenshots of internal data, providing a glimpse into the scope of the breach without revealing explicit confidential content. This emphasizes the importance of cybersecurity measures for organizations handling critical financial information.