A Threat to the Worldwide Economy: Qilin Ransomware Gang Empowers Affiliates with Customizable Malware
Ransomware-as-a-Service Goes Mainstream: The Qilin Ransomware Gang
The Qilin Ransomware Gang, a ransomware-as-a-service operation, has been aggressively recruiting affiliates to target critical sectors of the worldwide economy, including education and healthcare. According to Group-IB researchers, Qilin has become a one-stop-shop for aspiring cybercriminals, providing everything from advanced, customizable ransomware to encryption services that support double-extortion operations. In exchange for their services, the Qilin Ransomware Gang pays out an industry-leading 80%-85% of takings to its partners.
The Qilin Ransomware Gang’s Customizable Malware
Qilin ransomware has evolved over time. Initially written in the Go programming language, its current iteration is written in Rust. According to the Group-IB report, the move to Rust has made it difficult to detect and easy to customize for each campaign. The researchers observed that a Qilin attack begins with a phishing email. The Qilin team provides its affiliates with information on intelligence targets, customizable, buildable malware, and even ransom note templates.
A Growing Threat
Group-IB researchers infiltrated the Qilin Ransomware Gang in March and found that it was actively recruiting new affiliates and improving its tools and operations. The researchers warn that this makes the Qilin Ransomware Gang an important emerging ransomware threat that organizations across all sectors should keep an eye on. Although the gang gained notoriety for targeting critical sector companies, it poses a threat to organizations in all verticals.
Recommendations
To protect against Qilin ransomware attacks, organizations should focus on preventing phishing emails and training employees on how to identify and report them. They should also have reliable backup systems in place and test these systems regularly to confirm they are effective. Additionally, organizations should consider implementing multi-factor authentication and preventing users from accessing unnecessary applications or data. In the event of a ransomware attack, organizations should focus on swift containment and remediation efforts, ideally with the help of a trusted incident response team. Finally, organizations need to stay up to date on emerging ransomware threats and consider partnering with a reputable cybersecurity provider to help mitigate the risk.