Ransomware Group: QILIN

VICTIM NAME: www[.]landmarkmgtinc[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The leak page associated with the domain www[.]landmarkmgtinc[.]com is attributed to the threat actor group “qilin” and publicly identifies the domain as a ransomware victim. The page’s content presents the domain as a property management firm that oversees 90 projects totaling 2,462 housing units across five states and highlights a long history—in the order of several decades of operation. The post date provided in the dataset is October 6, 2025; there is no explicit compromise date listed, so this timestamp is treated as the leak post date. The entry does not clearly state whether the attackers encrypted systems or exfiltrated data, nor does it disclose a ransom amount in the available fields. A claim URL is indicated, suggesting the attackers claim access or data exposure, but no monetary figure is provided in the data. The metadata notes the victim’s country as the United States, and while the industry field is not populated, the description centers on property management activities. The post also references a blog link and includes contact channels (a Jabber handle and an FTP credential) described in the body excerpt, though those contact details are redacted in the dataset.

The leak page contains a gallery of images—nineteen in total—likely representing internal documents or related visuals intended to accompany the claim. These image assets are hosted on a Tor onion service, indicating the use of dark web infrastructure for hosting media associated with the leak. The body excerpt further shows a short extract referencing the victim’s site and redacted contact information, along with a hashed identifier and an FTP-related detail, all of which are redacted in the public-facing data. No explicit ransom demand or encryption status is stated in the accessible fields (the income_or_ransom field is empty), and there is no downloadable material indicated in the metadata. Taken together, the page follows a typical ransomware leak pattern by evidencing data exposure through an image-backed gallery and contact artifacts, without presenting a concrete ransom figure in the supplied data.