Skip to content
RansomwareOngoing

Sterimed: internal files published after a cyberattack

On 21 April 2026, French medical-packaging manufacturer Sterimed was claimed by the Qilin ransomware group, which published internal files — technical documents, project data, HR records, IT-security material and system backups — on its dark-web leak site.

Victim
Sterimed

On 21 April 2026, Sterimed — a France-rooted international group and world leader in sterilisation packaging for medical device makers, hospitals and the pharmaceutical industry — was listed as a victim by the Qilin ransomware gang, which began publishing the company's internal files on its dark-web leak site.

Qilin operates a ransomware-as-a-service model and practises double extortion, exfiltrating data before encryption and then progressively releasing it when no ransom settlement is reached. The samples posted for Sterimed included a wide range of internal directories and documents.

Categories of data exposed in the published files include:

  • Technical documents and internal procedures
  • Industrial and client project data
  • HR records (internships, training)
  • IT-security information (including Office 365 material)
  • System backups and legacy environments (e.g. HP-UX)
  • Administrative and service documents

The exact scale of the compromise remained unconfirmed: no official communication established the total volume of exfiltrated files or the number of records affected. As of disclosure, the incident was ongoing, with Qilin continuing to publish data in the absence of a settlement and no public statement from Sterimed confirming the full extent of the breach.

Sources

  1. cyberattaque.orghttps://www.cyberattaque.org/sterimed-des-fichiers-internes-publies-apres-une-cyberattaque/
  2. ransomware.livehttps://www.ransomware.live/group/qilin

Related incidents

RansomwareOngoing

Leak at Résidence du Parc (Champdeniers-Saint-Denis)

In December 2025, the EHPAD Résidence du Parc nursing home in Champdeniers-Saint-Denis (Deux-Sèvres, France), home to around 90 residents, was hit by a ransomware attack that encrypted files and dropped a $5 million ransom note; administrative data and possibly scanned ID documents were exposed.

Victim
Résidence du Parc (Champdeniers-Saint-Denis)
RansomwareOngoing

Leak at Haute-Comté intercommunal hospital centre

On 19 October 2025, the Centre Hospitalier Intercommunal de Haute-Comté in Pontarlier (France) was hit by a Cryptolocker ransomware attack that encrypted part of its data, forcing a full IT shutdown and a return to paper-based care; attackers demanded a 5 million euro ransom.

Victim
Haute-Comté intercommunal hospital centre