22.12.2025
2 min
445
One of South America’s most prominent football clubs, Club Atlético River Plate, has fallen victim to a ransomware attack. The Qilin cybercriminal group claims responsibility, stating that it breached the club’s internal systems and published stolen data on its darknet leak site.
The Qilin ransomware group listed River Plate on its victim portal, oddly categorizing the football club as an accounting services company. While the attackers did not disclose the total volume of exfiltrated data, they shared an Onion link containing thousands of files allegedly taken from the club’s servers.
The leaked materials reportedly include PDF, Word, Excel documents, emails, compressed archives, images, and videos. File timestamps range from 2021 to 2025 and appear to cover invoices, contracts, budgets, purchase requests, technical specifications, architectural plans, and internal records. Some documents may contain sensitive financial and contractual information.
Qilin is currently one of the most active ransomware groups operating under a Ransomware-as-a-Service (RaaS) model. Over the past six months, the gang has claimed more than 600 attacks worldwide. Analysts note that Qilin avoids targeting CIS countries, a pattern often associated with Russia-linked cybercriminal groups.
The gang is known for its double-extortion tactics, demanding payment for data decryption and an additional ransom to prevent public data leaks. Previous victims include hospitals, financial institutions, manufacturers, government entities, and multinational corporations.
The attack on River Plate highlights a growing trend: sports organizations are becoming high-value ransomware targets due to their vast repositories of personal, financial, and commercial data. The incident underscores the urgent need for robust cybersecurity measures beyond traditional corporate and government sectors.
