[QILIN] – Ransomware Victim: mcgeorgeai[.]com
Ransomware Group: QILIN
VICTIM NAME: mcgeorgeai[.]com
NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.
AI Generated Summary of the Ransomware Leak Page
On October 4, 2025, the leak page identifies mcgeorgeai[.]com as a victim in a ransomware operation attributed to the threat actor group Qilin. The post date is October 4, 2025; there is no separate compromise date provided in the data, so the post date serves as the temporal marker. The post frames the incident as a data-leak event rather than a purely encryption-based attack, implying that stolen data could be released publicly in alignment with double-extortion ransomware tactics. No ransom demand or amount is disclosed in the publicly visible excerpt. The incident is described within the Technology sector and the victim is based in the United States.
The leak page features a gallery of twenty image assets, which appear to be screenshots of internal documents. The exact contents of these images are not described in the excerpt. The body text references contact vectors commonly used in leak pages, including a Jabber address (redacted) and a TOX identifier, as well as an FTP-style credential line with sensitive parts redacted. While these elements are shown in the excerpt, no direct data types or file names are disclosed here.
Translation and privacy notes: A line in the description contains a Russian phrase translating to “free access to any home,” which seems to reflect the leak’s messaging rather than a technical claim about the victim’s environment. PII such as emails, phone numbers, and physical addresses is redacted in the published text, while the victim name mcgeorgeai[.]com is preserved. URLs and image links are defanged or omitted in this summary, and the dataset does not reveal a ransom amount or specific data types that were compromised.