Qilin (Agenda) Ransomware Reaches Malaysia
Qilin announced a successful ransomware attack against Felda Global Ventures Holdings Berhad from Malaysia. This is a holding company with global interests in agriculture and products like soybean, canola, and palm oil.
- The original post stated that hackers managed to steal a lot of confidential data
- This includes private contracts, confidential financial sheets, emails, written accords, and internal projects
- Felda Global didn’t comment on the event, and it’s not yet clear how much data the hackers have managed to extract precisely
- Qilin is known to conduct brutal negotiations, but they typically don’t demand absurd ransoms
The concerning rise in ransomware attacks says less about the victim’s poor defenses and more about the hackers’ adaptability and proficiency. CISA and FBI have published extensive statistics and reports showing that hacker groups are upgrading themselves.
This includes both veteran and newcoming actors, which gain traction and popularity faster than ever before. Qilin is one such case. Despite not having reached 2 years of existence yet, Qilin is already a recognizable name in the ransomware sphere.
While the competition in the ransomware field is fierce, Qilin stands out in terms of tools and systems. The cyber threat actor holds some of the most advanced encryption systems and doesn’t shy away from targeting high-value organizations.
This is one of the reasons why Qilin qualifies as a dangerous and sophisticated cybercriminal actor. Another reason would be that Qilin uses its own encryption algorithm. This increases its effectiveness and elusiveness.
Our Mission
We believe security online security matters and its our mission to make it a safer place.
How Qilin Operates
Qilin uses the double-extortion practice. The hackers both encrypt the victim’s files and extract valuable data which they can use as leverage during negotiations. The victim is then forced to negotiate for both the decryption key and the deletion of the stolen data.
While Qilin hackers are known to keep their word when it comes to providing the decryption key, not much is known about their willingness to delete the stolen data. In fact, records show that most ransomware actors prefer to sell the data to other third parties.
In most cases, those third parties are other ransomware or DDoS hackers who use the newly gained data to conduct their own operations. This leads to one victim being breached several times following a ransomware incident, each time by different culprits.
Whether Qilin does that and to what extent that’s still unknown. Even so, experts advise ransomware victims to adopt a no-negotiation policy. First, because paying the ransom doesn’t guarantee anything. Second, hackers live off of ransoms.
If nobody would pay the ransom, there would no longer be any ransomware attacks, because they would all be in vain. Granted, not everybody can afford not to pay. In some cases, having the data leak publicly is more damaging than taking the ransom loss.
So, the ultimate decision comes down to whatever the victim decides. If you believe you qualify as a potential ransomware victim, make sure to invest in cybersecurity. It wouldn’t hurt to contact actual experts in the matter for a plus of safety and peace of mind.