[QILIN] – Ransomware Victim: Micke Stridh Maskin

AI Generated Summary of the Ransomware Leak Page

On October 27, 2025 (the post date, as no compromise date is provided), a ransomware leak post publicly identifies Micke Stridh Maskin as a victim. The page describes the company as operating in the commercial and residential construction sector and frames the incident as a data-leak event rather than a straightforward encryption with ransom. The operators claim that data has been exfiltrated and reference a claim URL on the leak site to purportedly substantiate their claims. The post includes three images or screenshots accompanying the message, and the accompanying metadata notes references to an FTP data-share with credentials. The presence of a Tor onion-hosted image set is indicated, and PII such as emails is redacted in the public data while the victim name remains intact. No explicit ransom figure is disclosed in the excerpt.

The post page further notes three visual assets associated with the claim, described here in neutral terms as screenshots or images; these assets are hosted on an onion service, and their contents are not detailed in the excerpt. The leak entry does indicate a claim URL is present, but there are no visible download links on the page itself (downloads_present is false). There is also an FTP reference in the text, implying a data repository behind credentials (these details and any emails are redacted in the data provided). Taken together, the material is consistent with a data-leak narrative typical of ransomware posts, with no explicit encryption confirmation or ransom amount shown in the supplied excerpt.