Ransomware Group: QILIN

VICTIM NAME: www[.]newseason[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak pertains to the healthcare provider operating the website of an addiction treatment center founded in 1986 and based in Maitland, Florida. The affected entity offers medication-assisted treatment, counseling, and medical services aimed at opioid addiction. The breach was discovered on May 1, 2025, although the attack date is listed as May 1, 2025. The compromised site is identified as www.newseason.com, a facility serving patients in the health sector. The incident appears linked to the threat group “qilin,” which may suggest a targeted attack on healthcare organizations or related services. The leak includes a publicly accessible online claim URL on a dark web site, indicating the breach’s confirmation.

The leak page features a screenshot displaying internal documents or data, although specific details of the exposed information are not provided publicly. No personal or sensitive PII, such as patient data or staff information, has been explicitly mentioned. The presence of download links or data leaks suggests that some files or data were accessed or stolen during the attack, but exact contents and scope are not detailed. The incident’s impact appears to be primarily related to the disruption or exposure of operational data within the health services provider’s domain. No additional incidents or duplicate leak reports are referenced, and the activity status remains unspecified.