QILIN Ransomware Report

From sectrio.com

QILIN also known as “Agenda” is a Ransomware Group that also provides Ransomware as a service (Raas). Qilin’s ransomware-as-a-service (RaaS) scheme earns anywhere between 80% to 85% of each ransom payment, according to new Group-IB findings. It was first discovered in 2022 when it attacked Australia’s leading Information technology service organization. 

Table of Contents

Qilin Targets its victims by sending phishing emails that contain malicious links to gain access to their network and exfiltrate sensitive data, as soon as Qilin completes initial access, they commonly circulate laterally across the victim’s infrastructure, attempting to find crucial statistics to encrypt. After encrypting the data Qilin leaves a Ransom note “Your network/system was encrypted, and the encrypted file has a new file extension” and asks for the ransom to pay for the decryption key

Read more…