Ransomware Group: QILIN

VICTIM NAME: ville-saintclaude[.]fr

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

ville-saintclaude[.]fr is listed as the victim in a leak page attributed to the Qilin ransomware group. The page identifies the target as Mairie de Saint-Claude, the city hall of Saint-Claude in France, a municipal government body located in the Jura department within the Bourgogne-Franche-Comté region. The post is dated October 6, 2025, and there is no separately stated compromise date beyond the post date. The leak frames the incident as a data-leak event rather than a traditional encryption incident, and it notes that a claim link is present on the leak site. The content centers on ville-saintclaude[.]fr as the named victim, with other organizational names in the surrounding text not emphasized in this summary.

The leak page includes a sizeable media set—twenty image attachments described as screenshots or thumbnails. These images appear to be internal documents or related materials intended to substantiate the attackers’ claims. The assets are hosted on an onion service, but the exact addresses are not reproduced here. The post also lists several data-exchange channels (a Jabber handle, a TOX key, and an FTP reference); the specific values are redacted or obfuscated in the public excerpt. There is no ransom amount disclosed in the public content, though the presence of a claim URL indicates the attackers seek public visibility for the breach. The overall presentation is consistent with a data-leak post rather than a straightforward encryption notification.

Metadata confirms the victim is ville-saintclaude[.]fr, a municipal government entity in France. The post date is 2025-10-06, which serves as the post date in the absence of an explicit compromise date. The page emphasizes exfiltration and public disclosure, supported by the twenty media attachments and a link to a claim page, while sensitive contact details (emails, direct addresses) are redacted in this sanitized summary. No explicit ransom demand is shown in the excerpt, and the page’s content focuses on data leakage rather than a confirmed encryption event.