Newcomer Qiulong Ransomware Gang Hits a New Target

By Miklos Zoltan . 26 April 2024

Founder - Privacy Affairs

Fact-Checked this

The Qiulong gang announced another victim today, the Brazilian Hominem Clinic. Qiulong is a newcomer in the ransomware sphere, only days old. Despite that, the novel ransomware group is already making waves.

Qiulong appears to be isolated to Brazil for now, but it’s unclear if this is by choice or that’s the extent of the gang’s reach
Despite its recent inception, this is already a controversial organization, as Qiulong is the name of an ancient Chinese dragon
This is most likely by design, as many cybercriminal gangs choose deceiving and confusing names, often unrelated to their origin
It is unclear if Qiulong is a legitimate ransomware organization or merely an empty name used by another legitimate actor

The latter is common in the ransomware sphere. The FBI often targets ransomware organizations, along with counterparts from other continents. If successful, the FBI’s operations will destroy the gang entirely, exposing its members and structure.

To prevent that, many gangs prefer to rebrand themselves regularly, rely on affiliates more, or simply create puppet groups like Qiulong. These will often send law enforcement agencies on ghost hunting, making them spend time and resources for nothing.

It’s unknown whether that’s the actual case with Qiulong or if this is just some unwarranted theory.

X showing the Qiulong attack on Hominem Clinic — https://twitter.com/FalconFeedsio/status/1783443334561968291

Despite it being entirely new in the ransomware sphere, Qiulong appears to be not only highly active, but quite resourceful as well. The hackers are very quick at detecting new targets, scan their vulnerabilities, and breach them seemingly all in one day.

This lends credence to the theory that Qiulong may be more than meets the eye. That being said, it’s not out of the ordinary for an entirely new group to appear dominant and aggressive. They’re trying to build their name and make an impact from the get-go.

What to Expect from Quilong?

The future is uncertain, but Quilong’s effectiveness does create a scary prospect. The gang has been extremely active since its inception, often targeting multiple victims at once. For now, it appears that the hackers prioritize the health industry.

Qiulong operators have breached several prominent Brazilian plastic surgeons over the past several days. The hackers have mocked and denigrated the victims in the subsequent posts, stating that the doctors don’t care about their patients’ privacies.

In most cases, Qiulong has leaked part of the stolen data, which included confidential client data and even nude photos of some patients. It’s also important to note that Qiulong hackers appear to care about their image a lot.

This transpires mostly from the ransom notes that they leave behind, which are often in perfect English. This isn’t unheard of in the ransomware space, but it doesn’t happen very often either. Most ransomware notes are written in poor English and riddled with grammar mistakes.

Based on the group’s recent development and level of activity, it’s safe to say that Qiulong appears to be a legitimate cyberthreat. If you believe you qualify as a potential victim, you may need to act today.

Qiulong is known to prioritize private corporations.

Our Mission

We believe security online security matters and its our mission to make it a safer place.

Founder & CEO Privacy Affairs

Miklos Zoltan is the founder and CEO of Privacy Affairs. Miklos has long-time experience in cybersecurity and data privacy having worked with international teams for more than 10 years in projects involving penetration testing, network security and cryptography.

Miklos founded Privacy Affairs in 2018 to provide cybersecurity and data privacy education to regular audiences by translating tech-heavy and "geeky" topics into easy-to-understand guides and tutorials.

Cookie	Duration	Description
CookieLawInfoConsent	1 year	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy	1 year	The GDPR Cookie Consent plugin sets the cookie to store whether or not the user has consented to use cookies. It does not store any personal data.
wpEmojiSettingsSupports	session	WordPress sets this cookie when a user interacts with emojis on a WordPress site. It helps determine if the user's browser can display emojis properly.

Cookie	Duration	Description
_ga	1 year 1 month 4 days	Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_gat_UA-*	1 minute	Google Analytics sets this cookie for user behaviour tracking.
_gid	1 day	Google Analytics sets this cookie to store information on how visitors use a website while also creating an analytics report of the website's performance. Some of the collected data includes the number of visitors, their source, and the pages they visit anonymously.
_omappvp	1 year 1 month 4 days	The _omappvp cookie is set to distinguish new and returning users and is used in conjunction with _omappvs cookie.
_omappvs	20 minutes	The _omappvs cookie, used in conjunction with the _omappvp cookies, is used to determine if the visitor has visited the website before, or if it is a new visitor.

Newcomer Qiulong Ransomware Gang Hits a New Target

What to Expect from Quilong?

Our Mission

Miklos Zoltan

Leave a Comment Cancel