
Qilin Ransomware Exposes 40+ Victims Monthly

Summary

– Qilin ransomware activity surged in late 2025, with over 40 victim listings published monthly on its leak site.
– The group primarily targeted manufacturing, followed by professional and scientific services and wholesale trade.
– Qilin uses a double-extortion model, encrypting data and threatening to leak stolen information if ransoms are unpaid.
– Since emerging in mid-2022 as Agenda, Qilin has expanded globally through a ransomware-as-a-service (RaaS) model.
– Affiliates use Qilin’s platform to compromise organizations in the US, Canada, UK, France, and Germany.

The Qilin ransomware group has escalated its global attacks, now listing over forty new victims each month on its dedicated data leak site. This alarming trend, documented through the latter half of 2025, solidifies its status as a top-tier cyber threat. Recent analysis from Cisco Talos reveals that the manufacturing industry bears the brunt of these assaults, with professional and scientific services and the wholesale trade sector also suffering significant targeting. The group’s persistent high-volume victim publication highlights its operational capacity and the severe financial damage it inflicts on businesses internationally.

Qilin employs a double-extortion tactic to maximize pressure on its targets. This method involves not only locking down a victim’s critical data with encryption but also stealing sensitive information beforehand. The criminals then threaten to publicly release this confidential data unless their ransom demands are met, creating a powerful incentive for organizations to pay.

The group, which originally operated under the name Agenda before rebranding, first appeared around the middle of 2022. It has dramatically widened its impact by adopting a ransomware-as-a-service (RaaS) framework. This business model allows other cybercriminals, known as affiliates, to lease Qilin’s sophisticated malicious software and supporting infrastructure. These affiliates then carry out attacks against a wide range of organizations, with a notable concentration in the United States, Canada, the United Kingdom, France, and Germany. This distributed network of attackers enables Qilin to maintain a relentless pace of intrusions across multiple continents.

(Source: Info Security)
