Sterimed: internal files published after a cyberattack
On 21 April 2026, French medical-packaging manufacturer Sterimed was claimed by the Qilin ransomware group, which published internal files — technical documents, project data, HR records, IT-security material and system backups — on its dark-web leak site.
- Victim
- Sterimed
On 21 April 2026, Sterimed — a France-rooted international group and world leader in sterilisation packaging for medical device makers, hospitals and the pharmaceutical industry — was listed as a victim by the Qilin ransomware gang, which began publishing the company's internal files on its dark-web leak site.
Qilin operates a ransomware-as-a-service model and practises double extortion, exfiltrating data before encryption and then progressively releasing it when no ransom settlement is reached. The samples posted for Sterimed included a wide range of internal directories and documents.
Categories of data exposed in the published files include:
- Technical documents and internal procedures
- Industrial and client project data
- HR records (internships, training)
- IT-security information (including Office 365 material)
- System backups and legacy environments (e.g. HP-UX)
- Administrative and service documents
The exact scale of the compromise remained unconfirmed: no official communication established the total volume of exfiltrated files or the number of records affected. As of disclosure, the incident was ongoing, with Qilin continuing to publish data in the absence of a settlement and no public statement from Sterimed confirming the full extent of the breach.
Sources
- cyberattaque.orghttps://www.cyberattaque.org/sterimed-des-fichiers-internes-publies-apres-une-cyberattaque/
- ransomware.livehttps://www.ransomware.live/group/qilin