Qilin Ransomware Operation Provides Smooth and Complete Cyberattacks for Associates

A newly discovered ransomware operation known as Qilin has been targeting healthcare, education, and other critical sectors of the global economy, arming its affiliates with malware and supporting services. Reports suggest that Qilin pays out an industry-leading 80-85% share of the takings to its partners through an affiliate program. Researchers from Group-IB were able to infiltrate the Qilin operation in March and discovered a one-stop-shop for aspiring cybercriminals to obtain advanced customizable ransomware, a formal payment system, and encryption services to support double-extortion operations.

Qilin ransomware operators typically initiate an attack through a phishing email, in which the recipient is tempted to open a suspicious link that downloads the malware. The Qilin ransomware variant that the team discovered was written in Rust, and the code is made to be difficult to detect and simple to customize for each campaign. The ransomware-as-a-service (RaaS) team also offers affiliates intelligence about targets, ransom note templates, and even customizable malware, the Group-IB team found. The Qilin ransomware attacks showed that the operators had equipped affiliates with upgraded tools and techniques and a sophisticated service delivery, under which the target must pay fees to avoid being featured on a Dark Web leak site.

Qilin ransomware has been making notable headlines by targeting critical-sector companies, but it is a threat to all organizations across different verticals, the Group-IB report warned. While other organizations might not have the same impact or brand recognition, they could still go out of business, lose data or, at worst, be unable to provide the care or education services required. Ransomware-as-a-service (RaaS) providers allow less technically skilled individuals and organizations to launch attacks easily, opening up the possibility of more frequent and widespread attacks. Experts say that with ransomware attacks, as with many cyber-attacks, successful defense is all about doing as much as possible to make yourself less attractive to attackers.

Ransomware attacks have been a common theme this year, with cybercriminals going after firms and critical organizations. Small and medium enterprises have proven to be easy targets for cybercriminals because of insufficient security measures, and many of these firms have fared poorly. One of the most viable ways to combat ransomware attacks is to become cyber-resilient. For small and medium-sized enterprises (SMEs), this means consciously making critical investments in information technology (IT) management and security, given that cyber incidents could hurt SMEs' long-term growth.

In conclusion, the Qilin ransomware attack has raised concerns in various sectors of the economy, and experts have warned that the RaaS operator Qilin is actively recruiting new affiliates and improving its tools and operations, making it an important emerging ransomware threat. Therefore, businesses and organizations must invest in appropriate and up-to-date IT security measures to avoid the risk of ransomware attacks. Moreover, educating employees on ways to identify phishing emails is also critical, as these often carry ransomware.
