Ransomware Group: QILIN

VICTIM NAME: wheel-king

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to Wheel King Transhaul Inc., a Canadian company specializing in transportation and logistics services. The attack was publicly disclosed on May 30, 2025, a day after the initial attack date of May 29, 2025. The company is a privately held enterprise with a focus on dedicated fleet services and emphasizes family-operated values. The leak reveals that the company’s internal data has been compromised and is now available on the dark web. Although detailed specifics of the compromised data are not provided, the leak suggests potential exposure of sensitive operational information. The page includes visual evidence in the form of screenshots of internal documents, which imply the severity of the breach. The leak also contains links for data download or further investigation. No personally identifiable or sensitive employee information is explicitly mentioned, adhering to privacy standards for reporting.

The incident highlights the ongoing cybersecurity risks faced by companies within the transportation and logistics sector. The attack underscores the importance of robust security measures and vigilant monitoring to safeguard operational data from malicious actors. The leak page includes references to the group’s broader activities, indicating this breach may be part of a larger campaign targeting similar industries. The company’s website remains active, suggesting ongoing operations despite the breach. This incident serves as a reminder for organizations in critical infrastructure sectors to evaluate and strengthen their cybersecurity defenses to prevent future compromises. The leak does not disclose specific technical vulnerabilities or details about the affected systems, but the presence of downloadable data indicates potential exposure of operational or proprietary information that could be exploited in further cyberattacks.