Ransomware Group: QILIN

VICTIM NAME: Pro-Fab

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The leak page references a victim named Pro-Fab, a Canada-based company described as specializing in custom design and fabrication for cleanroom environments across high-tech sectors such as semiconductor manufacturing, medical/pharmaceutical labs, and defense. The post is attributed to the threat group qilin, with the page dated 2025-10-14. Because no separate compromise date is provided in the data, the post date is treated as the key date for this entry. The page also notes that a claim URL is present, signaling a public assertion of data exfiltration or loss—consistent with ransomware leak sites that accompany extortion-facing posts.

The page contains three image assets referenced by the leak entry, described only in general terms as screenshots or internal documents. Their presence aligns with standard ransomware leak patterns that use visual evidence to bolster claims of access or exfiltration without detailing the full content in the summary. The metadata also includes redacted contact indicators (a Jabber address and a Tox fingerprint) and an FTP-style credential line, which have been redacted to protect personally identifiable information. No ransom amount or monetary demand is provided in the available data, so the exact figure remains undisclosed. The entry situates Pro-Fab in Canada and attributes the post to the qilin group, consistent with double-extortion activity where attackers threaten data leaks alongside encryption or other disruption.