Qilin Ransomware Infiltrates 2

By Miklos Zoltan. 24 February 2024

Founder - Privacy Affairs

Alex Popa

Fact-Checked this

Qilin ransomware posted a public notice about their latest victims. These are QCHerrera from Ecuador and Kinematica AG from Switzerland. According to the original post, the attacks took place today, the 24th of February.

  • Despite publishing the announcement, Qilin didn’t detail anything else related to the attack
  • They didn’t post any information regarding how much data they’ve stolen, the deadline for negotiations, or anything else of interest
  • The 2 victims didn’t make any public comment on the breaches
  • Qilin is known for targeting high-value targets

Qilin increased its cybercriminal activity recently, which coincided with a visible growth in the overall trend of cyber-attacks across the globe. The group is known for its inventive MOs and ruthless negotiations, giving it a scary reputation in the ransomware sphere.

Qilin relies on the double-extortion method, which is a standard MO among most ransomware actors. This means that the attacker will encrypt the victim’s files and download any data that they consider worthy of exploiting.

X post showing the Qilin attack on the 2 victims
https://twitter.com/FalconFeedsio/status/1761390527835250886

This attack tactic often results in higher ransoms because the victim needs to negotiate both the decryptor and the deletion of the stolen data. Needless to say, negotiations tend to fail more often than not.

In fact, that’s what experts recommend anyway: don’t negotiate. According to ransomware specialists, there’s no guarantee that the attackers will keep their word and delete the stolen data.

To make matters worse, some even share the stolen data with other ransomware actors. These will then extort the victims again, sometimes months later.

Who Is Qilin?

Qilin, or Agenda, first hit the public eye in August of 2022. This makes it one of the more resilient ransomware actors in a climate where even the ones with legendary status fall. See Lockbit’s recent downfall.

But this isn’t all there is to it. Qilin’s danger aura stems from its predilection for hitting high-profile targets. Unlike most ransomware organizations that rely on the spray-and-pray technique, Qilin goes the more tactical route.

The group will always monitor potential targets in advance for a while, looking for exploitable vulnerabilities and entry points. They always go for high-value nuts to crack and always use all their resources to ensure the success of the operation.

Once in, Qilin will export as much data as possible, which, in turn, will give them a lot of leverage during negotiations. It’s unclear what Qilin’s payment rate is, but the theory is that they’re doing better than most ransomware groups.

This is due to the organization’s discipline, high-end tools and tactics, and a specialized workforce consisting of veterans. Qilin is also a ransomware-as-a-service actor (RaaS), which allows it to use affiliates to improve its gains and reach.

So, how do you deal with Qilin? Experts advise working with cybersecurity professionals to strengthen your defenses. Especially if your business profile, revenue, and market visibility turn you into a potential target.

Qilin operators use the latest tools and tactics to circumvent imperfect defenses, which is to say, you want them to be perfect. And if you do happen to get breached, experts advise against negotiating.

This will lead to financial losses and incentivize hackers to stay in business. Not to mention, you have no guarantees that they will delete the data and not share it with other ransomware actors.
