[QILIN] – Ransomware Victim: SANgel

AI Generated Summary of the Ransomware Leak Page

On 19 October 2025, SANgel is depicted on a ransomware leak page as a victim. SANgel is described as a Gabonese company based in Libreville that produces and distributes frozen foods, importing, processing, and distributing products such as meats, fish, prepared dishes, and desserts, with retail “freezer centers” in Libreville. The post frames the incident as a data-leak event tied to a ransomware intrusion, not merely encryption. The post date is 19 October 2025, and the page states that data exfiltration has occurred, but the exact volume of stolen data is unknown at the time of posting, with a note that additional details will be added later. There is no explicit compromise date listed, so the post date is treated as the date of the leak. The page references attacker contact channels (for example, a Jabber address) and a Tox fingerprint, though these contact details are redacted in this sanitized report; an FTP address with credentials is also referenced but likewise redacted. The post indicates a claim URL indicator, suggesting a link to further information or a download may be part of the post.

The leak page includes three images, described in the metadata as screenshots or internal documents intended to corroborate access to SANgel’s data. The assets are noted to be hosted on an onion service, though the exact contents of the images are not detailed in the provided data. The page states that the amount of downloaded data is unknown at the moment and that more information would be added soon. There is no explicit ransom amount disclosed in the available text, and the overall narrative aligns with a data-leak/double-extortion pattern commonly seen in ransomware campaigns, with no clearly stated compromise date beyond the post date and no explicit mention of encryption status in the supplied excerpt.