The Qilin ransomware group claims to have breached multiple organizations across various global sectors. The latest list of alleged victims posted by the group on April 21, 2026, includes:
-
Sea Air International Forwarders (🇨🇦): A provider of freight and logistics services.
-
Kolin Turkey (🇹🇷): A large construction company based in Turkey.
-
Industrial Carrocera Arbuciense (INDCAR) (🇪🇸): A manufacturing company specializing in passenger vehicles.
-
PTS Office Systems (🇺🇸): A retail organization operating out of Pennsylvania.
-
Huonker GmbH (🇩🇪): A manufacturing and engineering firm based in Germany.
-
Ferguson Timar (🇺🇸): A financial services and CPA firm.
-
Safety Engineering Laboratories (🇺🇸): A business services and consulting firm.
-
STERIMED (🇫🇷): A manufacturing company specializing in medical sterilization packaging.
-
Avitrans (🇦🇹): A freight and logistics services organization.
-
Rusk County (🇺🇸): A local government entity located in Wisconsin.
According to the actor, the networks of these ten organizations have been compromised. While the exact file directories have not yet been fully published, the allegedly compromised data in these types of multi-victim ransomware attacks typically includes:
-
Internal financial records and contracts
-
Confidential corporate communications
-
Employee personally identifiable information (PII)
-
Customer and vendor data
