[QILIN] – Ransomware Victim: Rihatec Systemlösungen

Ransomware Group: QILIN

VICTIM NAME: Rihatec Systemlösungen

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.


AI Generated Summary of the Ransomware Leak Page

Rihatec Systemlösungen is a Munich‑based technology company that designs and builds control cabinets and automation solutions for machines and systems. The leak page identifies Rihatec as a ransomware victim and lists a post date of October 14, 2025; a specific compromise date is not provided. The company operates in the technology sector and serves clients across the DACH region with a portfolio that includes standard and customizable control cabinets, including hygienic design cabinets, frequency converter cabinets, and temperature control systems for industries such as food, medicine, and general industrial processes. The page emphasizes the firm’s strengths in electrical engineering, consulting, and project planning.

The leak page indicates that data has been exfiltrated and notes that the amount of downloaded data is unknown at this time, with a promise that additional data will be added later. It includes three images or screenshots, described only in general terms, which is typical for ransomware leak postings that accompany data‑breach notices. The post also provides redacted contact channels (an email alias) and a redacted data‑transfer reference, reflecting common leak‑page practices to reveal the victim’s identity while shielding sensitive details. The overall framing aligns with data‑leak style activity rather than a straightforward encryption event.

No compromise date is clearly stated, so October 14, 2025, the post date, is the only date available. No explicit ransom amount is shown in the available excerpt. The page also features three image assets that accompany the narrative, without disclosing their contents. The focus of this CTI write‑up remains on identifying the victim, Rihatec Systemlösungen, and summarizing the page’s stated indicators of a ransomware data‑leak event, as opposed to any other named entities mentioned in surrounding text.

