Qilin ransomware posted three victims spanning Austria, Slovenia, and Canada: Avcon Jet, a Vienna-based private aviation charter and aircraft management company; SKUPINA Don Don, a Slovenian food retail and distribution group; and Trican, a major Canadian oilfield services company. The batch extends Qilin’s position as the leading ransomware group globally by victim count in 2026, with 1,888 total claimed victims since October 2022.
Avcon Jet’s Passenger Manifests and the Intelligence Value of Private Aviation Data
Private aviation data occupies a distinct category of sensitivity from standard corporate PII. Avcon Jet provides charter flights, aircraft management, and maintenance services, which means the company’s records include high-profile passenger manifests, travel routes, flight timing, client contracts, billing records, and identity documentation — passport and national ID information — for the executives, government officials, high-net-worth individuals, and corporate principals who use private charter services.
The intelligence value of private aviation passenger data extends beyond identity theft. Travel patterns reveal meeting destinations, business relationships, and the geographic movements of individuals who have deliberately chosen private aviation specifically to reduce their public footprint. A manifest that shows an executive flying to a particular location on a particular date in combination with a billing record identifying who paid for the flight can expose sensitive business negotiations, political meetings, or personal relationships that the individuals involved have taken active steps to keep private.
Avcon Jet’s client contracts and maintenance records additionally expose the full fleet of aircraft under its management — aircraft that may include vehicles registered to operating companies, family offices, or legal entities designed to obscure beneficial ownership.
Trican Well Services and the Operational Data Risk in Canadian Oilfield Services
Trican provides fracturing, cementing, coiled tubing, and nitrogen services for oil and gas well completion across Canada. An oilfield services company’s data holdings span two risk categories: the IT business records — employee data, financial records, client contracts — common to any commercial enterprise, and a more specialized category of operational data that is sensitive to Trican’s energy company clients.
Oilfield services companies accumulate geological and reservoir data, well completion specifications, fracturing design parameters, and production performance records for the energy company clients they serve. This data is competitively sensitive in the energy sector: the geological and production characteristics of a specific oil or gas well represent significant capital investment in exploration and development, and disclosure to competitors or foreign state actors with energy interests creates commercial and national security implications beyond the direct breach of Trican’s own systems.
SKUPINA Don Don and Qilin’s Sector-Agnostic Affiliate Targeting Model
SKUPINA Don Don, the Slovenian food retail and distribution group, is the third victim in a single-day posting that also claimed a private aviation company and an energy services firm. The sectoral diversity of this batch — aviation, food retail, oilfield services — across Austria, Slovenia, and Canada illustrates the structural characteristic of Qilin’s operations: the group’s globally distributed affiliate network selects targets independently based on opportunity and operational access, rather than executing coordinated campaigns against specific sectors or geographies.
Food retail companies hold point-of-sale transaction databases, supplier and procurement contracts, customer loyalty program member data, and inventory management systems. For a regional food retail group, the supplier contract data can expose pricing arrangements and supply chain terms that are commercially sensitive to both the retailer and its suppliers.
Qilin’s 1,888-Victim Total and Its Position as the Leading Ransomware Group in 2026
Qilin’s 1,888 total claimed victims since October 2022 and its position at the top of the 2026 victim count rankings reflect a post-LockBit competitive landscape in which Qilin has expanded its affiliate recruitment and geographic reach following the law enforcement operations that significantly disrupted LockBit. The group’s ability to post victims across three countries and three unrelated sectors in a single day demonstrates the operational capacity of a large, distributed affiliate model where hundreds of independent operators are simultaneously targeting organizations across different industries and regions.
The June 4 posting adds to a sustained pace that has made Qilin the benchmark against which other ransomware groups’ volume is measured in 2026. For security teams monitoring ransomware threat intelligence, Qilin’s affiliate-driven, sector-agnostic model means that no industry vertical or geographic region is a low-risk assumption.
