Qilin Ransomware is Back
“Every enterprise is a victim of hacking. The question is how long it takes for them to find out.”
Qilin Ransoms and Healthcare
In June 2024, they targeted Synnovis, a pathology services provider, which led to significant disruptions in several key NHS hospitals in London. The group demanded a $50 million ransom, which was not paid.
The great people at Sophos probably have the most up-to-date news. It seems that healthcare is disproportionately affected, based on anecdotal data. In late August 2024, the Qilin ransomware group has been in the news for several significant activities:
Credential Theft from Google Chrome: Qilin has been observed using a new tactic to steal credentials stored in Google Chrome browsers. This method involves deploying a custom stealer that targets Chrome browsers on network-connected endpoints. The group uses a Group Policy Object (GPO) to execute a PowerShell script that harvests credentials, which are then exfiltrated. This technique was identified by the Sophos X-Ops team and is considered unusual for ransomware groups.
Healthcare Sector Attacks: Qilin has been particularly active in the healthcare sector. In June 2024, they targeted Synnovis, a pathology services provider, which led to significant disruptions in several key NHS hospitals in London. The group demanded a $50 million ransom, which was not paid, resulting in the leakage of millions of patient records on the dark web. This attack has caused widespread concern and has been labeled a healthcare crisis.
International Law Enforcement Efforts: UK and US law enforcement agencies have joined forces to tackle Qilin's ransomware operations. This collaboration aims to address the group's impact on critical sectors, including healthcare.
Ransomware Payments: Ransomware victims have paid nearly $460 million to cybercriminals in the first half of 2024, setting a record for ransom payments. This highlights the growing financial impact of ransomware attacks.
Qilin's Tactics and Techniques: Qilin employs sophisticated techniques, including exploiting vulnerabilities in Fortinet devices and Veeam Backup & Replication software, using brute force on VPN devices, and deploying ransomware with robust encryption methods like AES-256 CTR and ChaCha20. The group also engages in double extortion, stealing data and encrypting systems before demanding a ransom.
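As an added example (not part of the original post or of Sophos' published detections), here is a small Python triage rule for the Chrome credential-theft pattern described above: GPO-launched PowerShell that reads Chrome's "Login Data" store. The event field names, the use of gpscript.exe as the GPO script host in the parent field, and the sample events are all assumptions or constructed data.

```python
import re

# Chrome keeps saved logins in "<profile>\Login Data" under User Data; match any profile name.
LOGIN_DATA_RE = re.compile(r"google\\chrome\\user data\\[^\\]+\\login data", re.IGNORECASE)
POWERSHELL = {"powershell.exe", "pwsh.exe"}
# gpscript.exe is the Windows host for GPO logon/startup scripts (assumption: your
# process-creation telemetry records the parent image name in this form).
GPO_HOST = "gpscript.exe"
BYPASS_RE = re.compile(r"-(ep|executionpolicy)\s+bypass", re.IGNORECASE)


def score_event(ev):
    """Score one process-creation event (dict with host, parent, image, cmdline).

    Returns (score, reasons); each heuristic that fires adds one point."""
    image = ev["image"].lower()
    parent = ev["parent"].lower()
    cmd = ev["cmdline"]
    reasons = []
    if image in POWERSHELL:
        if LOGIN_DATA_RE.search(cmd):
            reasons.append("powershell references Chrome Login Data")
        if parent == GPO_HOST:
            reasons.append("launched by GPO script host")
        if BYPASS_RE.search(cmd):
            reasons.append("execution policy bypass")
    return len(reasons), reasons


def triage(events, threshold=2):
    """Return the events that reach the threshold, with host, score and reasons."""
    hits = []
    for ev in events:
        score, reasons = score_event(ev)
        if score >= threshold:
            hits.append({"host": ev["host"], "score": score, "reasons": reasons})
    return hits


SAMPLE_EVENTS = [  # constructed sample telemetry, not real logs
    {"host": "ws-01", "parent": "explorer.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -NoProfile Get-ChildItem C:\\Users"},
    {"host": "ws-02", "parent": "gpscript.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -ep bypass -File C:\\Windows\\Temp\\collect.ps1 "
                "C:\\Users\\a\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"},
    {"host": "ws-03", "parent": "explorer.exe", "image": "chrome.exe",  # the browser itself
     "cmdline": "chrome.exe C:\\Users\\b\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"},
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(hit)  # only ws-02 is reported (score 3)
```

A single heuristic (for instance Chrome itself opening Login Data) is not reported on its own; the threshold keeps the rule quiet on ordinary browser and admin activity.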
Please give Sophos a hand; they do excellent work.