[QILIN] – Ransomware Victim: ZEF’s

AI Generated Summary of the Ransomware Leak Page

On October 14, 2025, a ransomware leak post identifies ZEF’s as a victim. The post is attributed to the group qilin and concerns ZEF’s—The Center for Development Research, an institute of the University of Bonn in Germany. The page presents the incident as a breach and includes a claim URL that appears to authorize further disclosure or negotiation. The post date is the published date of the page, and no explicit compromise date is provided within the leak text. The page is accompanied by three images intended to illustrate the incident, though their specific content is not described in the accompanying text.

The body excerpt and metadata show several indicators of sensitive information. A Jabber contact line is referenced, but the address is redacted to remove PII. A TOX fingerprint string is present, and there is a mention of an FTP-like data path that contains redacted credentials. The page includes three image assets, but their exact contents are not described. There is no openly stated ransom amount on the post, and no downloadable data is clearly indicated on the page. The metadata in this dataset lists the country as Finland and the industry as Not Found, while the victim identity remains ZEF’s. Overall, the material aligns with the typical structure of a ransomware leak post featuring images, contact indicators, and a claim URL, without explicit details on encryption status or monetary demands.