[QILIN] – Ransomware Victim: Northern Light Technologies

AI Generated Summary of the Ransomware Leak Page

On 2025-10-22, Northern Light Technologies (NLT) appears on a ransomware leak page operated by the threat actor group qilin. NLT is a Canadian-based technology company that designs and manufactures underground lighting and networking solutions for the mining and tunneling industries, with manufacturing and assembly facilities in Canada, Australia, and Chile. The post frames the incident as a data theft and exfiltration event rather than a conventional encryption breach, asserting that about 250GB of the company’s data has been stolen and that samples are being released as proof of the breach. It warns that the remaining data will be published within 72 hours if demands are not met, signaling a data-leak extortion approach. The attackers reference a claim URL and provide attacker identifiers (a handle and a TOX fingerprint), but sensitive contact details shown in the excerpt are redacted. The excerpt also mentions an FTP reference with credentials, though these details are sanitized in the public view.

The leak page includes a gallery of 26 image assets, presented as thumbnails or screenshots that purportedly illustrate internal documents or related materials. The specific contents of these images are not described in the visible text, but their presence indicates an attempt to substantiate the data exfiltration claim with visual artifacts. The post does not disclose an explicit ransom amount within the excerpt; instead, it emphasizes the quantity of stolen data and the countdown to public release. This aligns with common ransomware double-extortion patterns where attackers threaten disclosure of additional data to pressure negotiations. The post continues to frame Northern Light Technologies as the affected entity, with a public-facing post date serving as the disclosed timestamp for the incident.