Qilin Ransomware Operation Outfits Affiliates With Sleek, Turnkey Cyberattacks
Researchers infiltrate a ransomware operation and discover slick services behind Qilin's Rust-based malware variant.
May 16, 2023
Ransomware-as-a-service (RaaS) operation Qilin has been arming its affiliates with malware and supporting services to target education, healthcare, and other critical sectors of the worldwide economy, paying out an industry-leading 80% to 85% of takings to the partners.
Researchers from Group-IB were able to infiltrate the Qilin operation in March, and what they found was a one-stop shop for aspiring cybercriminals to get their hands on advanced, customizable ransomware, a defined payment structure, and encryption services to support double-extortion operations (i.e., demanding money to decrypt the data, as well as an additional fee not to release the data on a Dark Web leak site).
Ransomware attacks backed by Qilin operators typically begin with a phishing email, the Group-IB team observed. The Qilin ransomware variant itself has evolved since its July 2022 roots: it was initially written in the Go programming language (Golang), while its current iteration is written in Rust. That makes it difficult to detect and simple to customize for each campaign, Group-IB said in its report on the RaaS operation.
"Having infiltrated Qilin, Group-IB Threat Intelligence researchers were able to analyze the inner workings of the affiliate program and all sections of Qilin's admin panel," the Group-IB report said.
The Qilin RaaS team provides its affiliates with everything from intelligence on targets and customizable, buildable malware to ransom note templates, the Group-IB team found.
The researchers warn that RaaS operator Qilin is actively recruiting new affiliates and improving its tools and operations, making it an important emerging ransomware threat to keep an eye on.
"Although Qilin ransomware gained notoriety for targeting critical sector companies, they are a threat to organizations across all verticals," the Group-IB report warned. "Moreover, the ransomware operator’s affiliate program is not only adding new members to its network, but it is weaponizing them with upgraded tools, techniques, and even service delivery."