www.tripwire.com
2606:4700::6812:1a3  Public Scan

URL: https://www.tripwire.com/state-of-security/qilin-ransomware-what-you-need-know
Submission: On October 27 via api from SA — Scanned from DE

Text Content

QILIN RANSOMWARE: WHAT YOU NEED TO KNOW


Posted on June 20, 2024


What is Qilin?

Qilin (also known as Agenda) is a ransomware-as-a-service criminal operation
that works with affiliates, encrypting and exfiltrating the data of hacked
organisations and then demanding a ransom be paid.

Qilin seems like a strange name. Where does it come from?

The Qilin is a creature from Chinese mythology that combines the features of a
dragon and a horned beast. Sometimes, it is compared to a unicorn.

So the Qilin ransomware comes from China?

Err, no. Sorry. The group behind the Qilin ransomware operation appears to be
linked to Russia.

Hmmph. So how long has the Qilin ransomware been operating?

Qilin first posted about a victim on its darknet leak site in October 2022 and
has increased its activities since then. Victims have included street newspaper
The Big Issue, automotive parts giant Yanfeng and the Australian court service. 


So why is Qilin in the news now?

At the beginning of June, an emergency "critical incident" was declared and
operations cancelled at several London hospitals following a ransomware attack
against blood testing and transfusion firm Synnovis. Qilin subsequently
announced on its dark web leak site that it would release data stolen during the
attack. 


Nasty. Presumably they are trying to extort a hefty ransom from the company?

Well, here is where things get a little confusing. It has been reported that
Qilin is demanding an eye-watering US $50 million (approximately £40 million)
from Synnovis for the tools to decrypt its systems and the promise not to
publish its data. And yet, in a series of media interviews, the Qilin ransomware
gang has claimed that its attack against the hospitals was not
financially-motivated at all, but instead part of a protest against the British
government's involvement in an unspecified war.

Is that really likely?

I find it hard to believe. The Qilin ransomware group has never claimed to have
political motivations for its actions in the past, and history has shown that it
has no qualms about hitting all kinds of businesses, schools, hospitals and
healthcare organisations in its attacks. A US $50 million ransom demand reflects
the scale of disruption that the hospitals and patients are facing. It does not
make any sense if the gang is serious about the political agenda that it
claims to have.

It does seem that healthcare organisations and hospitals get hit by ransomware a
lot. Why is that?

Public healthcare providers typically have the dangerous cocktail of complex IT
systems mixed with limited budgets. In addition, there's a huge difference
between a company hit by ransomware not being able to manufacture widgets for a
few days and a hospital not being able to treat patients with cancer. Ransomware
groups are likely to view hospitals and associated organisations as a "soft
target" as a result, one they hope it will be easier to extort money from.

So, what should my company do about Qilin?

You would be wise to follow our recommendations on how to protect your
organisation from ransomware. Those include:

 * making secure offsite backups.
 * running up-to-date security solutions and ensuring that your computers are
   protected with the latest security patches against vulnerabilities.
 * restricting an attacker's ability to spread laterally through your
   organisation via network segmentation.
 * using hard-to-crack unique passwords to protect sensitive data and accounts,
   as well as enabling multi-factor authentication.
 * encrypting sensitive data wherever possible.
 * reducing the attack surface by disabling functionality that your company does
   not need.
 * educating and informing staff about the risks and methods used by
   cybercriminals to launch attacks and steal data.

Stay safe, and don't allow your organisation to be the next victim to fall foul
of the Qilin ransomware group.

--------------------------------------------------------------------------------

Editor’s Note: The opinions expressed in this guest author article are solely
those of the contributor and do not necessarily reflect those of Tripwire.



GRAHAM CLULEY

Cybercrime Researcher and Blogger

Copyright © Fortra, LLC and its group of companies. Fortra®, the Fortra® logos,
and other identified marks are proprietary trademarks of Fortra, LLC.