Ransomware Group: QILIN

VICTIM NAME: tmcousa[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The leak page pertains to TMCo, Inc., a company based in Oklahoma specializing in manufacturing components for natural gas metering. The data breach was discovered on May 29, 2025, and the attack date is recorded as May 29, 2025. The affected company operates within the transportation and logistics sector in the United States. The threat actors have announced that all compromised data will be made available for download on June 9, 2025. The leaked information is stored on a dark web link, and a screenshot indicates the presence of internal documents or data visuals involved in the breach. No specific PII about employees or third-party entities has been publicly disclosed at this time. Security researchers note that the leak is attributed to a ransomware group named ‘qilin’, indicating the involvement of a malicious actor targeting corporate infrastructure.

The leak page indicates that once the data is publicly released, it may include sensitive operational or proprietary information related to the company’s manufacturing processes, client details, or internal communications. The publicly available screenshot suggests that the attackers have taken data from internal systems, possibly including documentation or configuration files. The attack has not been linked to any specific individuals or PII, emphasizing that the breach targets the organization’s data assets rather than personal information. The incident highlights ongoing cybersecurity risks faced by companies within the transportation and logistics industry, especially those dealing with critical infrastructure components.