Qilin Ransomware Leaks Their Victim's Data

By Miklos Zoltan . 5 February 2024

Founder - Privacy Affairs

Fact-Checked this

Qilin ransomware, also known as Agenda, announced a coordinated attack against Commonwealth Sign on February 3^rd. The attack was successful, as the attacker managed to penetrate the victim’s defenses and steal important data.

Despite the targeted ransomware breach, it is reported that the victim didn’t lose too much of its confidential data
According to Qilin itself, the victim refused to contact the attackers to negotiate the terms
As a result, the ransomware actor announced that it will leak the company’s confidential data publicly
Qilin qualifies as a highly dangerous and resourceful ransomware actor that has grown in size over the past year

Unlike other cyberthreat actors, Qilin prefers to aim high. The group has a predilection for high-end targets and large enterprises with a significant financial potential. While most victims refuse to pay the ransom, some comply, which incentivizes Qilin to stay active.

Qilin’s main MO is the double-extortion method. The attacker encrypts the victim’s system and steals as much valuable data it can get. The victim then has to negotiate both the decryption key and the destruction of the cloned data.

X showing the Qilin attack on the Commonwealth Sign Company — https://twitter.com/FalconFeedsio/status/1754172968056283442

This typically raises the value of the ransom considerably. Especially if the stolen data is particularly sensitive and the victim would like it out of the public’s eye.

Why Is Qilin a Menace?

The ransomware sphere has grown drastically over the past 3 years, with many new organizations trying to make a name for themselves. The most infamous ransomware actors are also highly adaptable and resourceful, rendering most defenses useless.

This calls for serious defensive improvements and constant updates and upgrades to keep up with the bad faith actors. And Qilin is among the top cyberthreats in terms of adaptability, resilience, and innovation.

Most importantly, Qilin appears to be specialized on infiltrating high-profile targets that have a lot to lose. This means that Qilin has a well-designed attack system with the latest tools and upgrades. The main methosd are phishing and spear phishing.

Interestingly, though, Qilin isn’t known to demand obscene ransoms, as is the case with more aggressive ransomware actors like Lockbit. Rather, Qilin remains in the range of $50,000-$800,000, with some occasional exceptions.

The organization also isn’t particularly active, as only 12 attacks have been attributed to its name between 2022 and 2023. This is presumably due to the profile of their victims who tend to be less accessible to standard ransomware actors.

Even so, Qilin is still a very potent threat and they appear willing to expand. Investigation groups have identified recruitment posts attributed to Qilin, who is actively looking for members and affiliates.

And with Qilin’s current profile, tools, tactics, and future, goals, there’s no telling where the organization will go. So, prevention is key when it comes to minimizing the risk of ransomware breach.

Experts advise keeping your systems up to date and being constantly aware of your system’s vulnerabilities. Also, working with professionals to boost your defenses is always a great plus, especially when dealing with potent threats like Qilin.

Our Mission

We believe security online security matters and its our mission to make it a safer place.

Founder & CEO Privacy Affairs

Miklos Zoltan is the founder and CEO of Privacy Affairs. Miklos has long-time experience in cybersecurity and data privacy having worked with international teams for more than 10 years in projects involving penetration testing, network security and cryptography.

Miklos founded Privacy Affairs in 2018 to provide cybersecurity and data privacy education to regular audiences by translating tech-heavy and "geeky" topics into easy-to-understand guides and tutorials.

Cookie	Duration	Description
CookieLawInfoConsent	1 year	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy	1 year	The GDPR Cookie Consent plugin sets the cookie to store whether or not the user has consented to use cookies. It does not store any personal data.
wpEmojiSettingsSupports	session	WordPress sets this cookie when a user interacts with emojis on a WordPress site. It helps determine if the user's browser can display emojis properly.

Cookie	Duration	Description
_ga	1 year 1 month 4 days	Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_gat_UA-*	1 minute	Google Analytics sets this cookie for user behaviour tracking.
_gid	1 day	Google Analytics sets this cookie to store information on how visitors use a website while also creating an analytics report of the website's performance. Some of the collected data includes the number of visitors, their source, and the pages they visit anonymously.
_omappvp	1 year 1 month 4 days	The _omappvp cookie is set to distinguish new and returning users and is used in conjunction with _omappvs cookie.
_omappvs	20 minutes	The _omappvs cookie, used in conjunction with the _omappvp cookies, is used to determine if the visitor has visited the website before, or if it is a new visitor.

Qilin Ransomware Leaks Their Victim’s Data

Why Is Qilin a Menace?

Our Mission

Miklos Zoltan

Leave a Comment Cancel