cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Print music giant Hal Leonard Australia falls victim to Qilin ransomware

Nearly 40 gigabytes of internal data, including financial details and emails, were posted to the dark web.

user icon David Hollingworth
Mon, 15 Jan 2024
Print music giant Hal Leonard Australia falls victim to Qilin ransomware
expand image

The Qilin ransomware gang has shared 37.6 gigabytes of data belonging to print music company Hal Leonard Australia.

The gang’s initial post was made on 8 January, with Hal Leonard given a week to pay an undisclosed sum of money for ransom. And, true to its word, the gang has now published the entirety of the data.

“In a result of successful attack on this company we have captured a lot of data: private contracts, agreements, all financial documentation, projects, e-mail correspondence and much more,” a Qilin spokesperson said on the gang’s leak site. “In a case if this company won’t get in touch all data which we have will be accessible for download in a week.”


Like many ransomware groups, English is clearly not Qilin’s native language.

Before publishing the entire data breach, Qilin had shared some documents as proof of hack. These documents included a full list of Hal Leonard employees along with business and private email addresses and the names of reporting managers. Also included were emails regarding credit details with third-party customers, debt notices, and banking summaries.

According to Hal Leonard Australia’s website, the company is a subsidiary of the larger Hal Leonard Corporation, a company that specialises in the sale of print music from a raft of well-known artists, including “The Beatles, Miles Davis, Diana Krall, Justin Timberlake and Stevie Wonder as well as the music of Irving Berlin, and Rodgers & Hammerstein”.

Cyber Daily has reached out to Hal Leonard Australia for comment.

Qilin is thought to be a ransomware-as-a-service provider that began operations in 2022, using malware written in the Rust and Golang programming languages. It has been observed using Russian language hacking forums to advertise its business and recruit affiliates.

Qilin is hardly prolific – it listed only 12 victims between July 2022 and May 2023 – but it has targeted organisations all over the world, including several in Australia.

David Hollingworth

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.