Qilin ransomware announced a successful breach against Upper Merion Township, a US-based non-profit organization. The attacker posted a short summary of the victim on its public website and set a deadline for negotiations to complete.
While Upper Merion Township decided not to comment on the event, it is presumed that they’re actively looking for a way to solve the issue. Preferably without paying the ransom.
As an RaaS tool (Ransomware-as-a-service), Qilin relies on affiliates in exchange for a fee. This is quite a successful business tactic, as Qilin members themselves are never in the firing line, yet they still make bank.
Most importantly, Qilin is always recruiting new affiliates and looks for manpower on a daily basis. The group’s job is simply to scan the market, identify potential targets, and disclose their vulnerabilities and details to the affiliates.
The affiliates will then take over the task and conduct the attack the way they seem fit. It’s unclear if it’s the affiliates who negotiate the ransom or Qilin representatives themselves.
We believe security online security matters and its our mission to make it a safer place.
The modern version of Qilin’s systems is the successor of its earlier iterations dating back to July of 2022. That’s when Qilin’s younger version, written in the Go programming language, first became public.
The ransomware actor didn’t make any waves at first, but that changed pretty fast. Qilin immediately began upgrading its systems and even changed its programming language to Rust.
This provides it with more tools to conduct successful operations and adapt easier to the victims’ defenses. But that’s not what makes Qilin so successful or feared.
The danger factor comes from the organization’s thorough understanding of what efficiency entails. Qilin always has efficiency as its ultimate goal and it aims to maximize its profits with every new hit.
A recent in-depth investigation revealed that Qilin pays its affiliates and partners a market-leading 80%-85% of the gains. This is unheard of in the industry and explains why Qilins’ affiliate-based business model is so successful.
In exchange for the passive income brought on board by the affiliates, Qilin:
Because of this, experts warn about Qilin’s true potential, which may be scarier than people think. The fear is that the ransomware actor will catch the attention of more cybercriminals with time. Which is highly likely given the advantages.
And because the payment rate is so high, this incentivizes recurrent affiliates to work with Qilin representatives to improve the systems and the tools they’re using. In turn, this will improve the malware’s effectiveness and threat factor even more.