New information has surfaced regarding the activities of the Qilin ransomware group and their Ransomware-as-a-Service (RaaS) program.
In its latest research study, Group-IB's threat intelligence team penetrated and analyzed Qilin's inner workings, revealing which critical sectors the group targeted and the advanced techniques it used.
Qilin, also known as Agenda ransomware, has emerged as a significant threat since its discovery in August 2022, according to research.
Read more about Agenda here: Agenda Ransomware Switches to Rust to Attack Critical Infrastructure
Nikolay Kichatov, Threat Intelligence Analyst at Group-IB, explained that Qilin uses the Rust and Go programming languages to aggressively target companies in key sectors with highly customized, evasive ransomware attacks.
“Rust variants are particularly effective against ransomware attacks. In addition to being easy to evade and hard to crack, they also make it easier to customize the malware for Windows, Linux, and other operating systems,” Mr. Kichatov explained. “It is important to note that the Qilin ransomware group has the ability to generate samples for both Windows and ESXi versions.”
These attacks not only encrypt the victim’s data, but also exfiltrate sensitive information, allowing attackers to utilize a double extortion technique.
Group-IB researchers say that accessing Qilin's admin panel gave them unprecedented insight into the affiliate structure and payment mechanism within the Qilin RaaS program. The affiliate panel is divided into sections such as Targets, Blogs, Staff, News, Payments and FAQs, giving a comprehensive picture of how the network is coordinated and managed.
Additionally, Group-IB's analysis of Qilin's dark web presence found that the group posted information about 12 victims on a dedicated leak site between July 2022 and May 2023. These victims are spread across different countries, including Australia, Brazil, Canada, Colombia, France, the Netherlands, Serbia, the UK, Japan and the USA.
The research also provided recommendations for preventing and defending against Qilin ransomware attacks. These include implementing multi-factor authentication (MFA), maintaining a robust data backup strategy, leveraging advanced malware detection solutions, prioritizing security patches, conducting employee training, and proactively monitoring for vulnerabilities.
Qilin was recently mentioned in a SentinelOne advisory as one of the growing threat groups targeting Linux systems.