Inside Qilin Ransomware: Affiliates Take Home 85% of Ransom Payouts

2023-05-16 12:20

Ransomware affiliates associated with the Qilin ransomware-as-a-service scheme earn anywhere between 80% to 85% of the ransom payments, according to new findings from Group-IB. The cybersecurity firm said it was able to infiltrate the group in March 2023, uncovering details about the affiliates' payment structure and the inner workings of the RaaS program following a private conversation with a Qilin recruiter who goes by the online alias Haise.

"Many Qilin ransomware attacks are customized for each victim to maximize their impact," the Singapore-headquartered company said in a new report.

The victims, which mainly span critical infrastructure, education, and healthcare sectors, are located in Australia, Brazil, Canada, Colombia, France, Japan, Netherlands, Serbia, the U.K., and the U.S. Group-IB said the Qilin actors also provide affiliates - who are recruited to identify targets of interest and stage the attacks - with an administrative panel to effectively oversee various parts of their operations.

"Qilin ransomware group has an affiliate panel divided into sections such as Targets, Blogs, Stuffers, News, Payments, and FAQs to manage and coordinate its network of affiliates," security researcher Nikolay Kichatov said.

"Although Qilin ransomware gained notoriety for targeting critical sector companies, they are a threat to organizations across all verticals," Kichatov said.

"Moreover, the ransomware operator's affiliate program is not only adding new members to its network, but it is weaponizing them with upgraded tools, techniques, and even service delivery."

News URL

https://thehackernews.com/2023/05/inside-qilin-ransomware-affiliates-take.html

#ransom #ransomware