• Home
  • News
  • Newcomer Qilin Ransomware Targets 100-Year Old Corporation

Newcomer Qilin Ransomware Targets 100-Year Old Corporation

Bogdan Pătru

By Bogdan Pătru . 16 March 2024

Tech Writer

Miklos Zoltan

Fact-Checked this

The novel Qilin ransomware took responsibility for the recent hit against the US-based MORDFIN GROUP. This is a mammoth company that established itself as an authority in the field of accounting, real estate, auditing, and tax services.

  • Qilin is virtually unknown in the ransomware sphere
  • This is due to the actor’s low profile, low number of targets, and low ransom values
  • MORDFIN GROUP didn’t comment on the attack, but evidence of the operation was posted by Qilin on its personal website
  • The number of ransomware attacks has grown recently, with more cybercriminal organizations becoming active in the recent years

Qilin is but one of the many ransomware actors present in the public sphere today. Unlike other similar organizations, Qilin prefers to remain low and now cause waves. It’s been reported that the organization only hit 12 small and medium-sized targets throughout 2023.

This is a far cry from the average of several dozen infiltrations and even hundreds associated with other ransomware groups. Another peculiarity is that Qilin keeps the value of the ransom low. This is supposedly to increase the chance of payment.

X showing the Qilin attack on MORDFIN GROUP
https://twitter.com/FalconFeedsio/status/1751857068821061814

According to some investigation agencies, Qilin usually demands between $50,000 and $800,000 on average. This may seem a lot, but it’s actually on the low end of the spectrum. High-end ransom demands can reach as high as $4 million or more.

That’s because more dangerous and powerful ransomware actors assess the value of the ransom based on the victim’s payment capabilities. Qilin does this too, although not to the same extent. The group also avoids high-profile targets.

What to Know About Qilin

Qilin, often known as Agenda, isn’t quite new, as the organization has been active in the ransomware sphere for over 2 years. The problem is that the organization has been mostly inactive until recently.

The group resumed its activity recently, with several attacks being noticed in a relatively short period. The group prioritizes stealth more than anything, which works in conjunction with the low ransom values.

Despite its low profile, Qilin is in no way a benign organization. Specialists raise an alarm signal over the group’s potential to expand its influence and capabilities. Especially since Qilin is very keen to upgrade its systems and MOs as often as possible.

This allows the attacker to remain on the top of the game, while staying low enough to not reach the mainstream spotlight.

Our Mission

We believe security online security matters and its our mission to make it a safer place.

Leave a Comment