Qilin Ransomware Steals 1 Million Files From Bock & Associates

By Bogdan Pătru . 13 June 2024

Tech Writer

Fact-Checked this

Qilin hackers announced a massive operation against US-based Bock & Associates today. The hackers managed to seize in excess of 1,000 GB of data, totaling 995,865 files. This is one of the largest data leaks attributed to Qilin.

Bock & Associates is a high-profile accounting firm, and they haven’t experienced a leak of this magnitude so far
Qilin hasn’t provided too many details about the breach, aside from a short victim profile and the amount of data they’ve stolen
They have also posted 5 images containing some of the leaked data to support their claim
Qilin has been quite an influential ransomware gang, albeit not as active as others

Ransomware attacks have increased in intensity over the past year, with both veteran and newcomer gangs trying to maximize their profits. Ransomware groups only seek financial gains, and they will pursue them by any means necessary.

In some cases, the victims can recover from the attack on their own without having to pay the ransom. However, many don’t, in which case they need to negotiate with the attackers. And this isn’t necessarily because of the encryption.

X showing the Qilin Ransomware attack on Bock & Associates, LLP — https://x.com/FalconFeedsio/status/1801181262146654458

The main reason why most victims decide to negotiate and even pay the ransom is the leaked data. This applies to medium and large-sized companies more often than not.

That’s because, depending on the type of data being leaked, the company itself can get into serious legal issues. The institution is responsible for all the data it stores, including confidential information about employees and customers.

Major data leaks can expose innocent individuals to the will of the hackers. This makes the company liable for any damages that may result from the leak itself. Which is why many victims refuse to report the breach to the authorities.

How Qilin Operates

Qilin functions as an RaaS (Ransomware-as-a-Service), constantly recruiting affiliates on hacker forums. Specialists consider Qilin to be a classic Russian operator or, at the very least, inspired by that archetype.

According to cybersecurity analysts, the Qilin code is quite sophisticated, and it’s written in Go and Rust. These are highly adaptable programming languages, allowing the operators to work cross-platform and infect different operating systems.

The organization sticks to the tried-and-tested double extortion practice. The hackers encrypt the parent files and download the target data. This forces the victim to negotiate for both the decryptor and the deletion of the data.

As experts explain, paying the ransom doesn’t typically achieve anything, especially when it comes to Qilin. As history has shown, Qilin tends to keep the stolen data even after the victim has paid for its deletion.

Not only that, but Qilin operators often keep extorting the victim after the ransom money has been received. The hackers’ behavior depends on the victim’s profile and the data being stolen.

In other cases, the hackers may also sell or share the data with other cybercriminal gangs, which leads to even more problems down the line. So, the conclusion is simple: don’t pay the ransom!

Our Mission

We believe security online security matters and its our mission to make it a safer place.

Author, Creative Writer, and Tech-Geek Bogdan has followed his passion for the digital world ever since he got his hands on his first PC. After years of accumulating knowledge and experience, the good Samaritan in him whispered to him one day about the virtue of sharing that knowledge with those who needed it. It was in 2014 when that idea would grow into a life-defining passion. One that keeps driving him to this day.

Cookie	Duration	Description
CookieLawInfoConsent	1 year	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy	1 year	The GDPR Cookie Consent plugin sets the cookie to store whether or not the user has consented to use cookies. It does not store any personal data.
wpEmojiSettingsSupports	session	WordPress sets this cookie when a user interacts with emojis on a WordPress site. It helps determine if the user's browser can display emojis properly.

Cookie	Duration	Description
_ga	1 year 1 month 4 days	Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_gat_UA-*	1 minute	Google Analytics sets this cookie for user behaviour tracking.
_gid	1 day	Google Analytics sets this cookie to store information on how visitors use a website while also creating an analytics report of the website's performance. Some of the collected data includes the number of visitors, their source, and the pages they visit anonymously.
_omappvp	1 year 1 month 4 days	The _omappvp cookie is set to distinguish new and returning users and is used in conjunction with _omappvs cookie.
_omappvs	20 minutes	The _omappvs cookie, used in conjunction with the _omappvp cookies, is used to determine if the visitor has visited the website before, or if it is a new visitor.

Qilin Ransomware Steals 1 Million Files From Bock & Associates

How Qilin Operates

Our Mission

Bogdan Pătru

Leave a Comment Cancel