[QILIN] – Ransomware Victim: Victory Christian Center

AI Generated Summary of the Ransomware Leak Page

On October 15, 2025, a ransomware leak post identifies Victory Christian Center as the victim in an Education-sector incident, with the organization located in Tulsa, Oklahoma. The post is attributed to the threat actor group qilin and frames the incident as a data-leak event rather than a pure encryption event. The attackers claim to have exfiltrated data from the victim’s network and imply that stolen material may be released publicly or offered for sale, consistent with double-extortion ransomware patterns. The post does not publish a ransom amount, and the exact volume of exfiltrated data is not disclosed; the post notes that the amount of downloaded data is unknown at the moment. A compromise date is not explicitly provided beyond the post date.

The leak page includes three images, described as likely screenshots of internal materials. These images appear to be hosted on Tor onion addresses, though the actual image URLs are not disclosed in this summary. In addition to the images, the leaked text includes contact-like identifiers, such as an email-style contact, a Tox ID, and FTP login details; the actual values have been redacted to protect privacy. The victim name—Victory Christian Center—is preserved in the report, while other organization names mentioned in the text are not repeated here. The page reiterates that the amount of downloaded data remains unknown and does not present a clearly stated ransom demand on the leak page.