
Qilin Ransomware Targets a US-Based Non-Profit Corpo

By Miklos Zoltan . 11 February 2024

Founder - Privacy Affairs

Alex Popa

Fact-Checked this

Qilin ransomware announced a successful breach against Upper Merion Township, a US-based non-profit organization. The attacker posted a short summary of the victim on its public website and set a deadline for negotiations to complete.

  • Upper Merion Township didn’t comment on the recent attack
  • Qilin announced that they managed to secure in excess of 500 GB of data
  • The leaked information includes employee files, financial charts, email correspondence, private contracts, and much more
  • These would presumably cause significant financial and reputational damage if they were to leak publicly

While Upper Merion Township decided not to comment on the event, it is presumed that they’re actively looking for a way to solve the issue, preferably without paying the ransom.

As a RaaS (Ransomware-as-a-Service) tool, Qilin relies on affiliates in exchange for a fee. This is quite a successful business tactic, as Qilin members themselves are never in the firing line, yet they still make bank.

X showing the Qilin attack on the Upper Merion Township

Most importantly, Qilin is always recruiting new affiliates and looks for manpower on a daily basis. The group’s job is simply to scan the market, identify potential targets, and disclose their vulnerabilities and details to the affiliates.

The affiliates will then take over the task and conduct the attack the way they see fit. It’s unclear if it’s the affiliates who negotiate the ransom or Qilin representatives themselves.

What To Know About Qilin

The modern version of Qilin’s systems is the successor of its earlier iterations dating back to July of 2022. That’s when Qilin’s earlier version, written in the Go programming language, first became public.

The ransomware actor didn’t make any waves at first, but that changed pretty fast. Qilin immediately began upgrading its systems and even changed its programming language to Rust.

This provides it with more tools to conduct successful operations and adapt more easily to the victims’ defenses. But that’s not what makes Qilin so successful or feared.

The danger factor comes from the organization’s thorough understanding of what efficiency entails. Qilin always has efficiency as its ultimate goal and it aims to maximize its profits with every new hit.

A recent in-depth investigation revealed that Qilin pays its affiliates and partners a market-leading 80%-85% of the gains. This is unheard of in the industry and explains why Qilin’s affiliate-based business model is so successful.

In exchange for the passive income brought on board by the affiliates, Qilin:

  • Researches the market for targets,
  • Instructs and teaches affiliates about its systems, and
  • Provides them with the best tools for the job

Because of this, experts warn about Qilin’s true potential, which may be scarier than people think. The fear is that the ransomware actor will catch the attention of more cybercriminals with time, which is highly likely given the advantages.

And because the payment rate is so high, this incentivizes recurrent affiliates to work with Qilin representatives to improve the systems and the tools they’re using. In turn, this will improve the malware’s effectiveness and threat factor even more.
