[QILIN] – Ransomware Victim: Wassa, SRO
NOTE: No files or stolen information are exfiltrated, downloaded, taken, hosted, seen, reposted, or disclosed by RedPacket Security. Any legal issues relating to the content should be directed at the attackers, not RedPacket Security. This blog is an editorial notice informing that a company has fallen victim to a ransomware attack. RedPacket Security is not affiliated with any ransomware threat actors or groups and will not host infringing content. The information on this page is automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.
AI Generated Summary of the Ransomware Leak Page
On 2025-10-19, a leak post attributed to the ransomware group qilin identifies Wassa, SRO as the victim. The metadata places the victim in the Czech Republic (CZ) but does not provide a clear industry category. The body excerpt is a lengthy, English-language profile of the company rather than a straightforward encryption notice; it describes Wassa, SRO as a Czech enterprise established in 2012 that operates a sheltered workshop with more than 100 protected positions and offers “facultative compensation” to reduce penalties for not employing the statutory number of handicapped citizens. The text emphasizes compliance with local employment law, states that facultative compensation can reach up to 50 million CZK, and argues that health status should not be a barrier. It further touts ISO 9001 and ISO 14001 certifications, ongoing internal and external audits, and a commitment to environmental stewardship, including Green Dot membership. The excerpt also mentions a collaboration with a Liberec-based research institute to optimize packaging technologies and notes that the amount of downloaded data is unknown at the moment and will be added later. A claim URL is indicated on the page, consistent with leak-site practices, and the post includes three attached images, described only in general terms.
The page presents three image attachments (likely screenshots or documents) as part of the post, hosted on a Tor onion service, though the exact contents are not described in the excerpt. Contact channels appear in the data, including a Jabber address and a TOX fingerprint, and there is an FTP address listed with credentials; however, personally identifiable information is redacted in the public copy. All URLs and onion references have been defanged for safety. The post does not explicitly state whether the attack resulted in encryption or a data leak, and there is no disclosed ransom amount in the provided text; the date on the page serves as the post date since no explicit compromise date is given. Taken together, the page mirrors a ransomware-leak post format that ties a victim identity to a group label, an accompanying claim mechanism, and visual attachments, while the precise operational impact on Wassa, SRO remains unclear from the excerpt.
Support Our Work
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on Patreon or Buy Me A Coffee using the buttons below.
