Qilin, also known as Agenda, is a ransomware-as-a-service operation: the core group supplies the encryptor and the leak site, and affiliates break into organizations, exfiltrate data and encrypt systems, then demand a ransom in exchange for a decryptor and a promise not to publish what was stolen.
Despite a name taken from a mythical Chinese creature, a hooved, horned beast with dragon-like features, the Qilin group is believed to be Russian-speaking and is linked to Russia.
Qilin has been active since at least October 2022, when it first posted a victim on its darknet leak site. Its activity has grown since then, with victims including the street newspaper The Big Issue, automotive parts giant Yanfeng, and Court Services Victoria in Australia.
Most recently, Qilin made headlines with a ransomware attack on Synnovis, a pathology services provider that handles blood testing and transfusion work for NHS hospitals. The attack forced several London hospitals to declare a "critical incident," with operations postponed and blood supplies rationed, and Qilin has threatened to release the stolen data unless a ransom is paid.
Reports suggest that Qilin is demanding a ransom of $50 million from Synnovis in exchange for the decryption tools and a promise not to publish the data.
In media interviews, however, the group claimed the attack was not financially motivated but a protest against the British government's involvement in an unspecified war. The claim does not stand up: Qilin has spent nearly two years extorting businesses and healthcare organizations with no political framing at all, and a $50 million demand is hardly the mark of a protest. The size of the demand more plausibly reflects the severity of the disruption to the hospitals and their patients, which the group expects to translate into pressure to pay.
Healthcare organizations and hospitals are frequent ransomware targets: they run sprawling, often legacy IT estates on limited security budgets, and an outage directly disrupts patient care. Ransomware groups treat them as "soft targets," betting that the urgency of restoring clinical services will push them to pay.
To protect against Qilin and similar ransomware operations, organizations should implement a set of well-established measures.
These include keeping secure offsite backups that are offline or immutable and regularly tested for restoration, so that an attacker who reaches the network cannot also destroy the recovery path; running up-to-date security tooling; and applying security patches promptly, especially on internet-facing systems such as VPN gateways and remote access services, which are common initial entry points. Network segmentation limits an attacker's ability to move laterally from the first compromised host to the rest of the estate. Strong, unique passwords and multi-factor authentication, above all on remote access and administrative accounts, make stolen credentials far less useful. Encrypting sensitive data at rest and disabling unnecessary services and features further reduce the attack surface and the value of anything exfiltrated.
Educating staff about the risks they face and the techniques attackers use, from phishing to fraudulent helpdesk calls, remains essential to an organization's security.
Taken together, these precautions reduce both the likelihood of falling victim to a group like Qilin and the damage an attack can do, leaving an organization far better placed to recover without paying.