Ransomware Group: QILIN

VICTIM NAME: uhlcompany[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The leak page associated with uhlcompany[.]com is dated October 4, 2025 and identifies uhlcompany[.]com as the victim of a ransomware incident. The metadata shows the industry field as Not Found, so the victim’s sector is not disclosed in this dataset. The page presents a scenario describing widespread infrastructure disruption—such as issues with lighting, climate control, and surveillance—as a narrative to convey the attack’s operational impact. It signals a data-related risk typically seen in ransomware campaigns and references a claim URL for additional details, though no explicit ransom figure is shown in the visible excerpt. Since no separate compromise date is provided, the post date is treated as the publication date for this entry.

The page includes a gallery described as 26 image thumbnails, which are presented as evidence of the attack and purported data exposure, though the exact contents of the images are not detailed in the summary. The body excerpt reveals a few contact-like elements, including a Jabber address and a Tox key string, both redacted in the public metadata, and an FTP-like access path with credentials that are likewise redacted. No raw image URLs or external links are included in the public summary. Taken together, these elements—an incident narrative, a multi-image gallery, and redacted contact/credential details—are consistent with ransomware leak posts that emphasize impact and data exposure, with the post date confirmed as October 4, 2025.