The Qilin ransomware group has claimed responsibility for an alleged cyberattack against Sysco, one of the world’s largest food distribution companies, threatening to leak stolen data if the company does not engage in negotiations.
The cybercriminal group added Sysco to its dark web extortion site this week and published several files it says were taken from the company’s internal systems. The leaked samples appear to include invoices, supplier tax forms, and customer pricing documents.
Alongside the leaked files, Qilin posted a countdown timer warning that additional data may be released publicly if demands are not met. The tactic is commonly used by ransomware groups to pressure victims into responding before sensitive information is exposed online.
At the time of reporting, Sysco had not publicly confirmed a ransomware incident or verified the authenticity of the leaked data. The company also has not disclosed whether its systems experienced operational disruption or whether customer information was affected.
Sysco is a major supplier to restaurants, schools, hospitals, hotels, and other institutions, making the company a significant player in global food distribution networks. Because of its position in the supply chain, any cyber incident involving Sysco could raise concerns about downstream operational impact, particularly if internal ordering or logistics systems are disrupted.
The leaked sample files published by Qilin appear focused primarily on business records rather than personal consumer data. However, researchers warn that even limited exposure of supplier agreements, pricing structures, invoices, and internal documentation can create financial and security risks for affected organizations.
Qilin has become one of the more active ransomware operations over the past year, targeting organizations across healthcare, manufacturing, transportation, and enterprise sectors. The group typically combines data theft with extortion, threatening to publicly release stolen information even if victims restore encrypted systems independently.
Modern ransomware operations increasingly prioritize data exfiltration over disruption alone. In many cases, attackers steal large volumes of internal documents before deploying ransomware, allowing them to pressure companies through reputational damage and regulatory risk rather than encryption alone.