Qilin has been the top ransomware group in recent months, so it’s not surprising that the group has apparently attracted the attention of law enforcement.
Europol is offering a $50,000 reward for information on two senior members of the Qilin ransomware group, according to news reports.
According to Australia’s Cyber Daily, Europol posted on one of its Telegram channels the aliases of two Qilin actors it is seeking information on.
“We have identified two primary administrators operating under the aliases Haise and XORacle, who coordinate affiliates and oversee extortion activities,” the Europol Telegram post said, according to the publication.
“We are actively pursuing all available leads in cooperation with international partners. A reward of up to US$50,000 is offered for information that directly leads to the identification or location of these administrators.”
Qilin Ransomware Group Claims 356 Victims Since April
Cyble threat intelligence researchers have documented 695 victims of the Qilin ransomware group since it first emerged in 2022.
However, more than half of those claimed victims – 356 – have occurred since longtime leader RansomHub went offline at the end of March in a possible act of sabotage by rival DragonForce. That surge of activity likely factored in Europol’s decision to step up enforcement efforts against the group.
Those 356 victims are 143 more than Akira, the second most active ransomware group since April (chart below).
NHS Ransomware Attack was Qilin’s Most Disruptive
Perhaps Qilin’s most notorious attack occurred in June 2024, when a ransomware attack on UK pathology services provider Synnovis caused service disruptions at major London NHS hospitals, an attack that one official called “one of the most unpleasant and impactful cyber incidents in the UK in recent years.”
One consequence of that devastating attack was a 96% drop in blood sampling in London hospitals in the weeks after the attack.
Healthcare ransomware attacks aside, part of Qilin’s staying power has been its ability to target a wide range of sectors and industries; the chart below, from Cyble, details the top sectors targeted by Qilin since April.
The Cyber Express has reached out to Europol to confirm reports of the reward and will update this article with any response.
Source: Read More