Qilin Expands Campaign, Listing U.S. Law Firms and Australian Retail Cooperative on Leak Site
The Qilin ransomware group has added three new organizations to its dark web leak portal, escalating pressure on victims through public data exposure tactics. The latest listings include two Florida-based law firms, Cox & Sanchez and Andringa Law, along with Mt Barker Co-Operative, a retail cooperative operating in Western Australia.
The disclosures were posted to Qilin’s leak site on February 11, 2026, where the group claims to have obtained sensitive internal documents and business data. As with previous campaigns, the postings appear designed to compel negotiations by publicly showcasing file samples and metadata.
Ransomware groups increasingly rely on leak portals not only to threaten encryption but also to demonstrate proof of compromise, intensifying reputational and regulatory risks for affected organizations.
Named Victims Across Two Continents
Cox & Sanchez, a Florida-based civil litigation and family law firm, was listed as a victim on the group’s portal. The law firm sector has become a frequent ransomware target due to its repositories of client contracts, legal strategies, and sensitive personal information.
Andringa Law, another Florida legal services provider, was also named. Legal practices often store privileged communications and financial records, making them particularly attractive to data extortion groups.
The third listed organization, Mt Barker Co-Operative, operates in Western Australia and provides hardware and grocery retail services. Retail cooperatives manage customer transaction data, supplier contracts, and internal operational systems, broadening the impact potential beyond professional services.
At the time of publication, it remains unclear whether all three organizations experienced data encryption, data exfiltration, or both.
Alleged Compromised Data
According to Qilin’s leak site descriptions, the group claims to have accessed internal documents, corporate records, and business communications. While full datasets have not been publicly released, preview samples typically include contracts, identification documents, financial spreadsheets, and internal correspondence.
Law firms are particularly vulnerable in such scenarios, as exposure of litigation materials or client records can create downstream legal liabilities.
In retail environments, compromised data may include vendor agreements, employee records, and operational logistics information.
Independent verification of the full scope of the alleged stolen data has not yet been confirmed.
Qilin’s Evolving Extortion Model
Qilin operates as a ransomware-as-a-service group, offering affiliates access to encryption tools and leak infrastructure in exchange for a share of ransom proceeds.
The group has gained prominence for targeting professional services firms and mid-sized enterprises, sectors that often lack the cybersecurity resources of larger corporations but still hold valuable data.
By publicly listing victims across different industries and geographies, Qilin reinforces its reputation and increases psychological pressure on organizations that may be weighing negotiation options.
Broader Implications for Legal and Retail Sectors
The targeting of two law firms in a single disclosure highlights persistent risks within the legal sector, where privileged information can become a leverage tool in extortion campaigns.
Retail cooperatives, meanwhile, face operational disruption risks that can affect supply chains and local communities, particularly in regional markets.
Security experts warn that organizations handling high-trust or high-value information must prioritize backup integrity, network segmentation, and incident response preparedness to mitigate the impact of ransomware threats.
As ransomware groups continue publishing victims to maintain visibility and credibility, public leak portals have become both a negotiation tactic and a reputational weapon in the modern cyber extortion landscape.
Source: Daily Dark Web
