According to Cyber news, Qilin started operating in 2022, but has only really emerged in the past 2 years. If in 2023, this group recorded only 45 attacks, the number has now exceeded 700.
Qilin operates under the ransomware-as-a-service model, which is leasing malware tools to share the ransom with other attack groups. After a group of opponents disbanded in April, many partners moved to Qilin, causing the group's scale to increase rapidly.
The victims are mainly in the fields of manufacturing, finance, retail, healthcare and administration. Many notable cases include attacks on Asahi Holdings (Japan) or Volkswagen Group France, leaking hundreds of gigabyte customer and employee data.
The US is currently the most affected country with more than 370 cases, followed by France, Canada, South Korea and Spain. Some of the attacks came with demands for bribes of up to 10 million USD.
Experts warn that Qilin is expanding rapidly thanks to the "subscriber blackmail service" model, allowing many criminal groups to participate. This increases the risk of attacks on businesses and agencies around the world (including Vietnam).
