QILIN Ransomware Group Lists Spanish Architecture Firm Ruiz Barbarin Arquitectos Slp as Victim

The QILIN ransomware operation has listed Ruiz Barbarin Arquitectos Slp—a Spanish architectural firm—among its claimed victims, according to a victim tracking report from RedPacket Security. The listing suggests the threat actors may have gained access to the firm's systems and potentially exfiltrated data, though the scope of the intrusion and any resulting ransom demands remain unclear.

Ruiz Barbarin Arquitectos Slp operates as a limited partnership under Spanish corporate law, specializing in architectural services. QILIN, an increasingly active ransomware-as-a-service operation, has targeted organizations across multiple sectors globally, often employing double-extortion tactics—threatening to publish stolen data if ransom demands go unpaid. The specific data allegedly taken from the architecture firm has not been publicly disclosed by the threat actors.

The listing adds to a growing pattern of professional services firms—including engineering, design, and consulting companies—becoming targets for ransomware groups. Architectural firms typically hold sensitive project data, client information, and potentially financial records, making them attractive to threat actors seeking leverage. Security researchers continue to monitor QILIN's dark web leak site for additional disclosures related to this victim. Organizations in similar sectors are urged to review ransomware defenses and incident response capabilities given the active targeting observed.