Ransomware Group: QILIN

VICTIM NAME: www[.]ancc[.]org

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to a cybersecurity incident involving the victim website associated with an organization in the United States, specifically targeting the domain www.ancc.org. The activity is classified under the education sector, and the attack was publicly claimed on May 1, 2025. The breach was discovered later the same day, with detailed information about the incident released on the dark web. The leak includes a screenshot depicting internal documents or related data, though specifics are withheld to prevent disclosure of sensitive information. No additional information about the nature of the compromised data has been provided, but the presence of a public claim URL indicates the attacker’s confidence in the breach and their intention to communicate the compromise to the public.

The leak page features a visual representation in the form of a screenshot, which likely displays internal content or crash evidence linked to the attack. The content targets a website associated with an organization that provides sports and recreational activities, including golf and fitness facilities, and has a history dating back to 1861. The attack group responsible is named “qilin,” though no information about the specific data stolen, such as sensitive records or personally identifiable information, has been shared publicly. The incident appears to be part of a broader campaign, but the available details focus primarily on the fact that a breach occurred and has been publicly claimed via the dark web. No download links or explicit data leaks are mentioned, but the claim URL and the leaked screenshot indicate possible data exposure if accessed.