Qilin Ransomware Targets a US-Based Non-Profit Corpo

By Miklos Zoltan . 11 February 2024

Founder - Privacy Affairs

Fact-Checked this

Qilin ransomware announced a successful breach against Upper Merion Township, a US-based non-profit organization. The attacker posted a short summary of the victim on its public website and set a deadline for negotiations to complete.

Upper Merion Township didn’t comment on the recent attack
Qilin announced that they managed to secure in excess of 500 GB of data
The leaked information includes employee files, financial charts, email correspondence, private contracts, and much more
These would presumably cause significant financial and reputational damages if they were to leak publicly

While Upper Merion Township decided not to comment on the event, it is presumed that they’re actively looking for a way to solve the issue. Preferably without paying the ransom.

As an RaaS tool (Ransomware-as-a-service), Qilin relies on affiliates in exchange for a fee. This is quite a successful business tactic, as Qilin members themselves are never in the firing line, yet they still make bank.

X showing the Qilin attack on the Upper Merion Township — https://twitter.com/FalconFeedsio/status/1756619091744604485

Most importantly, Qilin is always recruiting new affiliates and looks for manpower on a daily basis. The group’s job is simply to scan the market, identify potential targets, and disclose their vulnerabilities and details to the affiliates.

The affiliates will then take over the task and conduct the attack the way they seem fit. It’s unclear if it’s the affiliates who negotiate the ransom or Qilin representatives themselves.

What To Know About Qilin

The modern version of Qilin’s systems is the successor of its earlier iterations dating back to July of 2022. That’s when Qilin’s younger version, written in the Go programming language, first became public.

The ransomware actor didn’t make any waves at first, but that changed pretty fast. Qilin immediately began upgrading its systems and even changed its programming language to Rust.

This provides it with more tools to conduct successful operations and adapt easier to the victims’ defenses. But that’s not what makes Qilin so successful or feared.

The danger factor comes from the organization’s thorough understanding of what efficiency entails. Qilin always has efficiency as its ultimate goal and it aims to maximize its profits with every new hit.

A recent in-depth investigation revealed that Qilin pays its affiliates and partners a market-leading 80%-85% of the gains. This is unheard of in the industry and explains why Qilins’ affiliate-based business model is so successful.

In exchange for the passive income brought on board by the affiliates, Qilin:

Researches the market for targets,
Instructs and teaches affiliates about its systems, and
Provides them with the best tools for the job

Because of this, experts warn about Qilin’s true potential, which may be scarier than people think. The fear is that the ransomware actor will catch the attention of more cybercriminals with time. Which is highly likely given the advantages.

And because the payment rate is so high, this incentivizes recurrent affiliates to work with Qilin representatives to improve the systems and the tools they’re using. In turn, this will improve the malware’s effectiveness and threat factor even more.

Our Mission

We believe security online security matters and its our mission to make it a safer place.

Founder & CEO Privacy Affairs

Miklos Zoltan is the founder and CEO of Privacy Affairs. Miklos has long-time experience in cybersecurity and data privacy having worked with international teams for more than 10 years in projects involving penetration testing, network security and cryptography.

Miklos founded Privacy Affairs in 2018 to provide cybersecurity and data privacy education to regular audiences by translating tech-heavy and "geeky" topics into easy-to-understand guides and tutorials.

Cookie	Duration	Description
CookieLawInfoConsent	1 year	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy	1 year	The GDPR Cookie Consent plugin sets the cookie to store whether or not the user has consented to use cookies. It does not store any personal data.
wpEmojiSettingsSupports	session	WordPress sets this cookie when a user interacts with emojis on a WordPress site. It helps determine if the user's browser can display emojis properly.

Cookie	Duration	Description
_ga	1 year 1 month 4 days	Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_gat_UA-*	1 minute	Google Analytics sets this cookie for user behaviour tracking.
_gid	1 day	Google Analytics sets this cookie to store information on how visitors use a website while also creating an analytics report of the website's performance. Some of the collected data includes the number of visitors, their source, and the pages they visit anonymously.
_omappvp	1 year 1 month 4 days	The _omappvp cookie is set to distinguish new and returning users and is used in conjunction with _omappvs cookie.
_omappvs	20 minutes	The _omappvs cookie, used in conjunction with the _omappvp cookies, is used to determine if the visitor has visited the website before, or if it is a new visitor.

Qilin Ransomware Targets a US-Based Non-Profit Corpo

What To Know About Qilin

Our Mission

Miklos Zoltan

Leave a Comment Cancel