Qilin hackers announced a massive operation against US-based Bock & Associates today. The hackers managed to seize in excess of 1,000 GB of data, totaling 995,865 files. This is one of the largest data leaks attributed to Qilin.
Ransomware attacks have increased in intensity over the past year, with both veteran and newcomer gangs trying to maximize their profits. Ransomware groups only seek financial gains, and they will pursue them by any means necessary.
In some cases, the victims can recover from the attack on their own without having to pay the ransom. However, many don’t, in which case they need to negotiate with the attackers. And this isn’t necessarily because of the encryption.
The main reason why most victims decide to negotiate and even pay the ransom is the leaked data. This applies to medium and large-sized companies more often than not.
That’s because, depending on the type of data being leaked, the company itself can get into serious legal issues. The institution is responsible for all the data it stores, including confidential information about employees and customers.
Major data leaks can expose innocent individuals to the will of the hackers. This makes the company liable for any damages that may result from the leak itself. Which is why many victims refuse to report the breach to the authorities.
Qilin functions as an RaaS (Ransomware-as-a-Service), constantly recruiting affiliates on hacker forums. Specialists consider Qilin to be a classic Russian operator or, at the very least, inspired by that archetype.
According to cybersecurity analysts, the Qilin code is quite sophisticated, and it’s written in Go and Rust. These are highly adaptable programming languages, allowing the operators to work cross-platform and infect different operating systems.
The organization sticks to the tried-and-tested double extortion practice. The hackers encrypt the parent files and download the target data. This forces the victim to negotiate for both the decryptor and the deletion of the data.
As experts explain, paying the ransom doesn’t typically achieve anything, especially when it comes to Qilin. As history has shown, Qilin tends to keep the stolen data even after the victim has paid for its deletion.
Not only that, but Qilin operators often keep extorting the victim after the ransom money has been received. The hackers’ behavior depends on the victim’s profile and the data being stolen.
In other cases, the hackers may also sell or share the data with other cybercriminal gangs, which leads to even more problems down the line. So, the conclusion is simple: don’t pay the ransom!
We believe security online security matters and its our mission to make it a safer place.