Ransomware affiliates associated with the Qilin ransomware-as-a-service (RaaS) scheme earn anywhere between 80% and 85% of each ransom payment, according to new findings from Group-IB.

The cybersecurity firm said it was able to infiltrate the group in March 2023, uncovering details about the affiliates’ payment structure and the inner workings of the RaaS program following a private conversation with a Qilin recruiter who goes by the online alias Haise.

“Many Qilin ransomware attacks are customized for each victim to maximize their impact,” the Singapore-headquartered company said in an exhaustive report. “To do this, the threat actors can leverage such tactics as changing the filename extensions of encrypted files and terminating specific processes and services.”

Qilin, also known as Agenda, was first documented by Trend Micro in August 2022, starting off as a Go-based ransomware before switching to Rust in December 2022.
