Ransomware Group: QILIN

VICTIM NAME: New Jersey Property-Liability Insurance Guaranty Association

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

On October 14, 2025, a leak page attributed to the ransomware actor group “qilin” targeted the New Jersey Property-Liability Insurance Guaranty Association, a United States–based financial services organization that provides essential claims services to claimants and policyholders affected by insurer insolvencies. The page centers the victim as the primary subject of the intrusion and describes its role within the state’s guaranty framework. The post does not explicitly state whether the breach involved encryption or a data leak; the available information presents the post date as the publication date, but there is no confirmed compromise date provided. No ransom amount is disclosed on the leak page.

The leak page includes three image attachments that appear to be screenshots or internal documents related to the victim. The exact contents of these images are not described in the visible text. The images are referenced as attachments hosted on Tor onion addresses, meaning they are not accessible through standard browsing. In addition to the visuals, the page notes a Jabber contact with a redacted email address and an FTP-style address that also uses a redacted contact, along with a fingerprint-like value labeled “TOX.” The page indicates the presence of a claim URL, suggesting the attackers intend to publish or provide access to data, though no explicit data types or data volumes are specified in the excerpt.

Overall, the leak page frames the New Jersey Property-Liability Insurance Guaranty Association as the victim and uses October 14, 2025 as the post date. There is no disclosed ransom figure, and the available content does not provide a confirmed compromise date. The presence of three images implies a visual component to the leak, but their exact contents are not described here. The metadata also notes the actor group “qilin” and redacted contact details, which aligns with common ransomware leak-page patterns observed in extortion campaigns targeting financial services entities.