[QILIN] – Ransomware Victim: medosweet[.]com
Ransomware Group: QILIN
VICTIM NAME: medosweet[.]com
NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.
AI Generated Summary of the Ransomware Leak Page
On August 20, 2025, medosweet[.]com is identified as the victim in a leak post that frames the incident as a data leak rather than a purely encryption-based breach. The page, described in neutral terms as a ransomware leak, presents the victim as a US-based dairy product distributor serving the Pacific Northwest. It notes eight screenshots of internal documents within an image gallery and enumerates four items that purportedly comprise the leaked materials: a 2025 full company audit with corrective actions; a supply agreement for 372,026 pounds of unsalted butter valued at over $1 million with deliveries spread across 2025–2026; an application form and credit agreement for new customers; and a formal supply agreement with a local school district. The post also includes a redacted Jabber contact ([REDACTED_EMAIL]), a hashed value labeled TOX, and an FTP reference to a data share, all of which are presented as evidence of the data that was exfiltrated.
The post date is August 20, 2025, which serves as the publish date since no separate compromise date is listed on the page. The body excerpt indicates the leaked materials focus on internal procurement and contract documents, suggesting the attackers are exposing sensitive commercial information rather than merely encrypting systems. The gallery of eight images is described as containing internal document screenshots, underscoring the potential exposure of business records and agreements. While the excerpt references several documents and partner relationships, no explicit ransom demand is shown in the available text. As part of the sanitized presentation, identifying fields such as emails are redacted, and credential-bearing links are noted but not reproduced in full here.