Critical Unverified

Progressive Propane Ransomware Attack by Qilin (April 2026)

Unverified dark web claim. This report is based on a post observed on a dark web forum. Yazoul Security has not independently verified the authenticity of this claim.

Leak Site Screenshot

Leak site post claiming Progressive Propane data breach

Screenshot captured at time of discovery. Image blurred to protect victim PII.


Claim Summary

On April 24, 2026, the Qilin ransomware group added Progressive Propane to their dark web leak site. The entry lists the victim as a US-based energy company operating at www.progressivepropane.com. No data samples, volume details, or specific stolen information have been published at this time. The claim remains entirely unverified by Yazoul Security or any independent third party.

Progressive Propane is a propane distribution and services company serving residential, commercial, and agricultural customers in the United States. As an energy sector entity, any confirmed incident could have implications for supply chain continuity and customer safety.

Threat Actor Profile

Qilin (also tracked as Agenda) is a ransomware-as-a-service operation first observed in mid-2022. The group has a substantial track record, with 1,617 known victims according to available data. Their operational history includes targeting critical infrastructure sectors, including energy, healthcare, and manufacturing.

Known tools and tactics associated with Qilin include:

  • Mimikatz: Credential theft and lateral movement
  • EDRSandBlast: Endpoint detection and response evasion
  • PCHunter and PowerTool: Kernel-level process manipulation
  • Nmap and Nping: Network reconnaissance
  • EasyUpload.io and MEGA: Data exfiltration and staging

Qilin has previously demonstrated the ability to propagate to VMware vCenter and ESXi environments via custom PowerShell scripts, as documented by Trend Micro. The group has also been linked to SIM-swapping and SMS phishing campaigns, as noted in Google Cloud’s threat intelligence reporting.

Given their extensive victim count and documented technical capabilities, Qilin is considered a credible threat actor. However, ransomware groups frequently exaggerate or fabricate claims to pressure victims into paying ransoms. This claim should be treated with appropriate skepticism until verified.

Alleged Data Exposure

As of this report, Qilin has not released any data samples, file lists, or evidence of exfiltration. The data volume is listed as “Undisclosed.” This could indicate:

  • The attack is in early stages of extortion
  • The group is still negotiating with Progressive Propane
  • The claim is exaggerated or false

Without published evidence, the scope and nature of any alleged data breach remain unknown.

Potential Impact

If confirmed, a ransomware incident at Progressive Propane could affect:

  • Operational continuity: Disruption to propane delivery and customer service
  • Customer data: Potential exposure of personally identifiable information (PII) or billing records
  • Supply chain: Impact on commercial and agricultural customers relying on timely propane deliveries
  • Regulatory compliance: Possible notification obligations under state data breach laws and critical infrastructure reporting requirements

Energy sector organizations are increasingly targeted by ransomware groups due to the potential for significant operational disruption and victims' high willingness to pay ransoms.

What to Watch For

  • Leak site updates: Monitor Qilin’s leak site for any data publication or additional claims
  • Official statements: Progressive Propane may issue a press release or regulatory filing if the incident is confirmed
  • Customer communications: Affected customers may receive notification letters if PII is involved
  • Third-party confirmation: Look for independent verification from cybersecurity researchers or law enforcement

Organizations in the energy sector should review their own defenses against Qilin’s known TTPs, particularly credential theft tools like Mimikatz and EDR evasion techniques.

Disclaimer

This report is based on unverified claims published by the Qilin ransomware group on their dark web leak site. Yazoul Security has not independently confirmed the validity of these claims. Ransomware groups routinely exaggerate or fabricate victim claims to pressure organizations into paying ransoms. No data samples, credentials, or direct access to leaked information have been obtained or verified. This report is provided for intelligence purposes only and should not be used as the sole basis for any action or decision.
