Ransomware Group: QILIN

VICTIM NAME: Volkswagen Group France

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The leak post centers on Volkswagen Group France as the victim of a ransomware-related incident. Dated October 14, 2025, the post frames the event as a data leak rather than encryption, aligning with common double-extortion patterns. The attackers claim to have exfiltrated databases totaling over 100 GB containing sensitive information about users, clients, and employees. The page states this is a data breach and suggests that stolen data may be released publicly or used as leverage. Nine images accompany the post and are described only in general terms as screenshots or internal documents and branding assets; their specific contents are not detailed in this summary. The narrative focuses on Volkswagen Group France, with other corporate names not elaborated here. The post date is the stated timestamp; no separate compromise date is provided on the leak page.

The page references additional artifacts such as a Jabber contact and an FTP address containing credentials, though personal contact details and the full URL details are redacted to protect privacy in this summary. A TOX fingerprint is also listed as part of the post metadata. The page includes a claim link indicating a public-facing notification of the event, but no ransom amount or demand is disclosed within the posted text. The leak page includes nine images intended as corroboration, described in neutral terms as internal-document-style screenshots or branding imagery. The overall presentation is consistent with data-leak/extortion narratives often used in ransomware incidents, and the timestamp provided is treated as the post date since no compromise date is shown. The focus remains on Volkswagen Group France as the victim, with other named entities not elaborated in this summary.