Researchers warn of Qilin ransomware gang after group hit hundreds of orgs this year

Summary

The Qilin ransomware gang has become one of 2025’s most active cybercriminal operations, listing hundreds of victims — including large companies, local governments and hospitals. In October alone the group added more than 185 victims to its leak site, claiming responsibility for incidents affecting firms such as Asahi, the Texas city of Sugar Land, a North Carolina county government and multiple power companies in Texas.

Cisco Talos researchers warn that Qilin has been publishing information on roughly 40 victims per month in the second half of 2025. The group, active since July 2022, has scaled up by operating as ransomware-as-a-service (RaaS). Investigations show no single intrusion method; attackers commonly leverage stolen administrative credentials found on the dark web to access VPNs. Comparitech tracked over 700 Qilin attacks in 2025 (118 confirmed), with about half targeting US organisations. Qilin has also raised ransom demands this year, including multi-million-dollar demands aimed at high-profile targets.

Key Points

  • Qilin listed hundreds of victims in 2025, adding 185+ victims in October alone.
  • The group operates via a Ransomware-as-a-Service model, enabling rapid scale and reach.
  • Common tactics include using stolen admin credentials to gain VPN access, rather than relying on a single exploit.
  • Sectors hit most: manufacturing (~25%), professional & scientific services (~18%), and wholesale trade (~10%).
  • Comparitech tracked over 700 suspected Qilin incidents in 2025, with 118 confirmed; about half affected US organisations.
  • Ransom demands have increased, with some reaching into the multi-million-dollar range.
  • Qilin has faced law enforcement attention but has continued attacks on governments, healthcare and media organisations.

Why should I read this?

Look — Qilin’s not just noisy, it’s growing fast. If you run IT, security or any critical service, this is the sort of gang that can cause big outages and big bills. Read this to get a quick grip on their scale, common tactics and who’s being hit so you can check your defences (credentials, VPNs, backups) before it’s too late.

Context and Relevance

This story matters because it highlights ongoing trends in cybercrime: RaaS allows criminal groups to scale quickly, stolen credentials remain a top attack vector, and ransom demands are rising — all of which increase risk for organisations of every size. The sectors targeted (manufacturing, professional services, utilities) underline how attackers seek both operational impact and high-value data. For defenders, the takeaways are straightforward: tighten credential hygiene, monitor VPN access, and prepare incident response and recovery plans.

Author style

Punchy — this is a high-priority alert for security teams. The facts here are concise and actionable: Qilin is active, growing, and opportunistic. If you care about availability or sensitive data, treat the details as urgent intelligence.

Source

Source: https://therecord.media/qilin-ransomware-gang-hits-hundreds-of-orgs-2025