Ransomware Group: QILIN

VICTIM NAME: Richmond СPA

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak concerning Richmond Company CPA, a financial services firm, was discovered on April 21, 2025. The group behind the attack has announced that approximately 300 gigabytes of sensitive data will be published in full on April 28, if the company refuses to pay the ransom. The leak includes a broad range of internal information related to the company’s operations, clients, and financial records. The threat group, identified as “qilin,” has provided a link to their secure portal on the dark web for further information and to verify the claim. The leak page features a screenshot of internal documents, suggesting the extent of the compromised material.

The victim operates within the financial services sector, specifically offering accounting services, and is licensed in West Virginia. The threat actors have not disclosed specific details about the nature of the stolen data beyond the promised public release if demands are unmet. The attack date is noted as April 13, 2025, and the message emphasizes the severe impact of the breach, with the potential exposure of sensitive financial and business information. The compromised information, if leaked, could pose significant risks to clients and business operations. The notification underscores the importance of cybersecurity measures in protecting confidential data against evolving threats.

Images associated with the leak show screenshots of internal documents, indicating the depth of the data breach and the threat group’s confidence in their claim. The leak page is accessible via a dark web URL, highlighting the covert and illegal nature of this activity.