When cybersecurity researchers talk about ransomware groups, the conversation tends to orbit around technical indicators. Those details matter. But with Qilin, fixating on the technical side risks missing the more unsettling picture. This group is not just operationally sophisticated — it is institutionally sophisticated. It has built what functions, in every meaningful sense, as a criminal enterprise with staffing models, legal departments, in-house media, and financial incentive structures designed to scale indefinitely.[1][3]
Understanding Qilin means understanding that ransomware has entered a new organizational phase. The groups that survive and dominate are not the ones with the most dangerous code. They are the ones that think most clearly about human systems: how to recruit talent, how to retain affiliates, how to apply pressure, and how to sustain operations when competitors collapse around them.[22]
Qilin has been doing all of this, deliberately, since 2022. As of early 2026, it shows no signs of stopping.[8][24]
From Agenda to Qilin: A Deliberate Rebuild
The group first appeared under the name Agenda in mid-2022, when a threat actor advertising under that handle began promoting ransomware on RAMP and XSS, two prominent Russian-language hacking forums.[22] The software, written in Go, was notable from the start for its customizability: affiliates could configure file extensions, termination processes, and target-specific company IDs for each attack.[17] Trend Micro researchers who analyzed early samples in August 2022 noted code similarities to Black Basta, Black Matter, and REvil — suggesting shared development resources or personnel with prior RaaS experience.[1][12]
The rebranding to Qilin came in late 2022, and it was not cosmetic. The rename coincided with a complete rewrite of the ransomware in Rust, a systems programming language that offers significant advantages for malware authors: better performance, stronger memory safety that reduces crashes, and considerably harder reverse engineering for defenders.[22][16] By February 2023, the group was operating as a fully structured RaaS platform, offering cross-platform binaries with support for Windows, Linux, and VMware ESXi environments.[5][18]
Despite the East Asian mythology in Qilin's branding, all available evidence points to Russian-speaking operators. The malware includes kill switches preventing execution on systems set to Russian or other CIS-region languages — a long-standing practice among Russian cybercriminal groups to avoid domestic law enforcement attention.[22] Analyst1 tracks the group under aliases including Gold Feather (Secureworks) and Water Galura (Trend Micro).[3] There is no credible evidence linking Qilin to the Chinese state. The mythology is branding, not biography.
The ESXi targeting capability is particularly significant because virtualization platforms underpin modern enterprise infrastructure. Encrypting the datastores on a single hypervisor takes down every virtual machine whose disks live there, often dozens at once, multiplying the damage from a single payload deployment.[7]
The Business Model Is the Weapon
Qilin runs a Ransomware-as-a-Service operation, meaning the core group develops and maintains the ransomware infrastructure while recruiting external affiliates to conduct the actual attacks. This model has become common across the ransomware ecosystem, but Qilin has refined it in ways that have given it a distinctive competitive advantage.[6][21]
The affiliate payment structure is unusually generous. Affiliates keep 80% of ransom payments below $3 million, and 85% of anything above that threshold.[17] The core group takes the remainder, handles publication of stolen data on the dark web leak site, and manages ransom negotiations.[4] This inverted pyramid — where the people doing the actual work keep the large majority of the proceeds — has made Qilin an attractive destination for experienced ransomware operators looking for a platform.[16]
When Operation Cronos disrupted LockBit in early 2024, experienced affiliates scattered across the ecosystem. When RansomHub went unexpectedly dark in April 2025, its affiliate base — which had been the dominant ransomware community for the previous three quarters — needed a new home.[4] Qilin was positioned, and apparently advertising aggressively, to absorb that talent. By June 2025, the group recorded 81 victims in a single month, a 47.3% increase over prior periods.[2] By Q2 2025, it had displaced RansomHub as the leading ransomware threat against U.S. State, Local, Tribal, and Territorial government organizations, accounting for 24% of reported incidents — up from 9% in Q1.[4][13]
In April 2025, Qilin led a monthly spike in ransomware activity with 45 claimed victims, during which its affiliates deployed the NETXLOADER loader to stage payloads; the tempo accelerated further through June and July 2025.[30][29] Each major law enforcement action against a competitor has tended to push experienced operators toward Qilin.
Product Features Designed to Maximize Extortion
What distinguishes Qilin further is the velocity of its platform development. The group treats its ransomware and affiliate panel as software products, updating capabilities on a regular release cycle.[15][7]
Credential theft has been folded into the intrusion chain. In an August 2024 case analyzed by Sophos, a Qilin affiliate pushed a PowerShell script through Group Policy to harvest credentials stored in Chrome on domain-joined machines, extending the damage beyond file encryption to every service the victims accessed through the browser.[28] The Qilin.B variant, documented in October 2024, upgraded the encryption scheme: files are encrypted with AES-256-CTR on hosts with AES-NI support and ChaCha20 elsewhere, and the file keys are wrapped with RSA-4096 using OAEP padding, so decryption without the operators' private key is computationally infeasible.[7] The variant also clears Windows event logs, deletes Volume Shadow Copies to remove the obvious local recovery path, and deletes its own binary after execution.[22][14]
In October 2025, researchers documented Qilin affiliates deploying a Linux ransomware payload alongside a Bring Your Own Vulnerable Driver (BYOVD) technique, in which a legitimately signed but vulnerable kernel driver is loaded to disable endpoint security controls before encryption begins.[27] This reflects ongoing technical investment well beyond a static toolset.
Affiliates configure attacks through a user-friendly panel. Settable parameters include encryption modes, excluded file extensions and directories, target-specific company IDs used as extensions on encrypted files, and lists of services and processes to terminate during execution.[17] This per-victim customization was a feature from the earliest Agenda days and has only become more refined.[12]
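The pre-encryption steps described above (shadow-copy deletion, event-log clearing, and the configurable service and process kill list) are the most detectable part of the chain, because they run before any file is touched. The following triage script is an added example, not code from the page or from any vendor report: it reads process-creation telemetry, classifies each command line against one of those behaviours, and alerts only when two or more distinct behaviours co-occur on a host. The log lines are constructed, the pipe-delimited layout is an assumed export format, the host and account names are hypothetical, and the command-line patterns are the generic Windows built-ins ransomware families use for these steps; the page does not reproduce Qilin's exact command lines, so the patterns are an assumption too.

```python
"""Triage of endpoint process-creation telemetry for the pre-encryption steps
described above: shadow-copy deletion, event-log clearing and bulk
service/process termination.

Added example, not code from the page or from any vendor report. The log
lines are CONSTRUCTED; the pipe-delimited layout
(timestamp|host|user|parent|image|command line) is an assumed export format,
not any product's native schema. The command-line patterns are the generic
Windows built-ins ransomware families use for these steps; the page does not
reproduce Qilin's exact command lines, so the patterns are an assumption too.
"""
import re
from collections import defaultdict

# Constructed sample telemetry (not real Qilin data). Hosts FS01, WS22, BK02
# and the CORP accounts are hypothetical.
SAMPLE_LOG = """\
2025-06-03T02:14:07Z|FS01|CORP\\svc_backup|services.exe|C:\\Windows\\System32\\vssadmin.exe|vssadmin.exe delete shadows /all /quiet
2025-06-03T02:14:09Z|FS01|CORP\\svc_backup|cmd.exe|C:\\Windows\\System32\\wbem\\WMIC.exe|wmic shadowcopy delete
2025-06-03T02:14:12Z|FS01|CORP\\svc_backup|cmd.exe|C:\\Windows\\System32\\wevtutil.exe|wevtutil.exe cl Security
2025-06-03T02:14:12Z|FS01|CORP\\svc_backup|cmd.exe|C:\\Windows\\System32\\wevtutil.exe|wevtutil.exe cl System
2025-06-03T02:14:15Z|FS01|CORP\\svc_backup|cmd.exe|C:\\Windows\\System32\\net.exe|net stop MSSQLSERVER /y
2025-06-03T02:14:15Z|FS01|CORP\\svc_backup|cmd.exe|C:\\Windows\\System32\\net.exe|net stop VeeamBackupSvc /y
2025-06-03T02:14:16Z|FS01|CORP\\svc_backup|cmd.exe|C:\\Windows\\System32\\taskkill.exe|taskkill /F /IM sqlservr.exe
2025-06-03T09:01:44Z|WS22|CORP\\jdoe|explorer.exe|C:\\Windows\\System32\\notepad.exe|notepad.exe report.txt
2025-06-03T09:05:10Z|BK02|CORP\\admin|mmc.exe|C:\\Windows\\System32\\vssadmin.exe|vssadmin.exe list shadows
"""

# Each rule names one pre-encryption behaviour. "vssadmin list shadows"
# deliberately does not match: only deletion is suspicious.
RULES = [
    ("shadow_copy_deletion",
     re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete", re.I)),
    ("event_log_clearing",
     re.compile(r"wevtutil(\.exe)?\s+(cl|clear-log)\s+\S+", re.I)),
    ("boot_recovery_tamper",
     re.compile(r"bcdedit(\.exe)?\s.*(recoveryenabled\s+no|bootstatuspolicy\s+ignoreallfailures)", re.I)),
    ("service_or_process_kill",
     re.compile(r"net1?(\.exe)?\s+stop\s+\S+|sc(\.exe)?\s+stop\s+\S+|taskkill(\.exe)?\s.*/IM\s+\S+", re.I)),
]
# A single "net stop" is routine administration; ransomware kill lists produce
# bursts. Treat termination as a signal only past this many events per host.
KILL_BURST_THRESHOLD = 3


def parse_line(line):
    """Split one pipe-delimited record into a dict, or return None if malformed."""
    parts = line.rstrip("\n").split("|", 5)
    if len(parts) != 6:
        return None
    keys = ("ts", "host", "user", "parent", "image", "cmdline")
    return dict(zip(keys, parts))


def classify(event):
    """Return the first rule name whose pattern matches the command line."""
    for name, pattern in RULES:
        if pattern.search(event["cmdline"]):
            return name
    return None


def triage(log_text):
    """Group matches per host; alert when two or more distinct behaviours co-occur.

    Returns {host: {"alert": bool, "categories": [...], "events": [...]}} for
    every host with at least one match.
    """
    per_host = defaultdict(lambda: {"counts": defaultdict(int), "events": []})
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is None:
            continue
        category = classify(event)
        if category is None:
            continue
        per_host[event["host"]]["counts"][category] += 1
        per_host[event["host"]]["events"].append((event["ts"], category, event["cmdline"]))

    verdicts = {}
    for host, data in per_host.items():
        signals = {c for c in data["counts"] if c != "service_or_process_kill"}
        if data["counts"]["service_or_process_kill"] >= KILL_BURST_THRESHOLD:
            signals.add("bulk_termination")
        verdicts[host] = {
            "alert": len(signals) >= 2,
            "categories": sorted(signals),
            "events": data["events"],
        }
    return verdicts


if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_LOG).items():
        print(host, "ALERT" if verdict["alert"] else "review", verdict["categories"])
```

Run against the constructed sample, FS01 fires on three independent signals inside ten seconds while the backup administrator on BK02 listing shadow copies produces nothing. The two-signal requirement is the design choice worth keeping: any one of these commands has legitimate uses, but an account deleting shadow copies, clearing logs and stopping database and backup services in the same minute is the kill-list behaviour the panel configures, and by then there may be minutes, not hours, before encryption starts.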
In 2025, the group added capabilities that move it well beyond a simple ransomware platform:[15][2]
- Spam distribution capabilities for affiliates
- DDoS attack tools for additional victim pressure
- Automated ransom negotiation built directly into the affiliate panel
- Petabyte-scale data storage so affiliates avoid relying on third-party cloud services
- On-demand in-house journalists who assist with blog posts and negotiation pressure campaigns
The feature that generated the widest coverage was the "Call Lawyer" button introduced in 2025. Clicking it connects the affiliate to Qilin's in-house legal team, which can then appear in ransom negotiations with victims.[2][22] The group's own explanation:
The mere appearance of a lawyer can increase the ransom amount. — Qilin forum post (translated), via Barracuda
This is a criminal organization that has invested in a legal function specifically to extract more money from victims. That sentence is worth sitting with.
The Infrastructure Behind the Operation
Initial access is gained through spear phishing, exploitation of exposed remote access services such as RDP, abuse of Remote Monitoring and Management software, and increasingly through exploitation of unpatched enterprise security appliances.[6][16] In 2025, Qilin's affiliates made aggressive use of two Fortinet flaws: CVE-2024-21762, an out-of-bounds write in the FortiOS SSL VPN that gives an unauthenticated attacker remote code execution, and CVE-2024-55591, an authentication bypass in FortiOS and FortiProxy that yields super-admin privileges.[2] Fortinet patched CVE-2024-21762 in February 2024, yet tens of thousands of devices remained exposed more than a year later.[19]
Researchers at OP Innovate assessed with high confidence that Qilin-linked actors exploited CVE-2025-31324 before it was publicly disclosed.[4] The flaw, rated CVSS 10.0, is a missing authorization check in the SAP NetWeaver Visual Composer Metadata Uploader (reachable at /developmentserver/metadatauploader) that lets an unauthenticated attacker upload arbitrary files, in practice JSP web shells, to the application server.
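Because the SAP flaw is a file upload against one well-known path, exploitation leaves a clear trace in web-server access logs even when the endpoint itself was never logged as an alert. The script below is an added example, not code from the page, SAP or OP Innovate: it parses Apache-style access logs, and rates each source address by whether it hit the uploader endpoint and whether a JSP served directly from the portal root followed within a short window. The log lines are constructed and use reserved documentation addresses; the uploader path is the publicly documented vulnerable component, while the assumption that a dropped web shell appears as a .jsp directly under /irj/ comes from public incident write-ups, not from this page.

```python
"""Triage of web-server access logs for exploitation of CVE-2025-31324, the
unauthenticated file-upload flaw in the SAP NetWeaver Visual Composer
Metadata Uploader discussed above.

Added example, not code from the page or from SAP/OP Innovate. The log
lines are CONSTRUCTED in Apache combined-log style; the IPs are reserved
documentation addresses. The uploader path is the publicly documented
vulnerable component; that a dropped web shell shows up as a .jsp directly
under /irj/ is an assumption taken from public incident write-ups.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

SAMPLE_ACCESS_LOG = """\
203.0.113.10 - - [24/Apr/2025:03:12:41 +0000] "POST /developmentserver/metadatauploader HTTP/1.1" 200 512
203.0.113.10 - - [24/Apr/2025:03:12:58 +0000] "GET /irj/helper.jsp?cmd=whoami HTTP/1.1" 200 88
198.51.100.7 - - [24/Apr/2025:08:30:02 +0000] "GET /irj/portal HTTP/1.1" 200 14022
198.51.100.7 - - [24/Apr/2025:08:30:05 +0000] "GET /irj/servlet/prt/portal/prtroot/com.sap.portal.navigation.portallauncher.default HTTP/1.1" 200 9011
192.0.2.44 - - [24/Apr/2025:11:02:19 +0000] "GET /developmentserver/metadatauploader HTTP/1.1" 200 2001
"""

LOG_RX = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)
# The vulnerable endpoint. Successful (2xx) unauthenticated requests to it are
# the thing to look for; it should not be reachable from the Internet at all.
UPLOADER_RX = re.compile(r"^/developmentserver/metadatauploader(\?|$)", re.I)
# A JSP served directly from the portal root, where uploaded web shells were found.
JSP_RX = re.compile(r"^/irj/[^/?]+\.jsp(\?|$)", re.I)
FOLLOW_UP_WINDOW = timedelta(minutes=30)


def parse_line(line):
    """Parse one combined-log line into a dict, or return None if it does not match."""
    m = LOG_RX.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%d/%b/%Y:%H:%M:%S %z")
    ev["status"] = int(ev["status"])
    return ev


def assess(log_text):
    """Return {source_ip: finding} for every source that touched the uploader or a root JSP.

    high   - uploader request followed within FOLLOW_UP_WINDOW by a .jsp under /irj/
    medium - uploader request only (probe, or upload without observed follow-up)
    low    - root-level .jsp with no preceding upload (review; may be legitimate)
    """
    per_ip = defaultdict(list)
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev:
            per_ip[ev["ip"]].append(ev)

    findings = {}
    for ip, events in per_ip.items():
        uploads = [e for e in events if UPLOADER_RX.search(e["path"])]
        jsps = [e for e in events if JSP_RX.search(e["path"])]
        if not uploads and not jsps:
            continue
        followed = any(
            timedelta(0) <= j["ts"] - u["ts"] <= FOLLOW_UP_WINDOW
            for u in uploads for j in jsps
        )
        if followed:
            severity = "high"
        elif uploads:
            severity = "medium"
        else:
            severity = "low"
        findings[ip] = {
            "severity": severity,
            "uploader_requests": len(uploads),
            "uploader_2xx": sum(1 for e in uploads if 200 <= e["status"] < 300),
            "root_jsp_requests": len(jsps),
            "first_seen": min(e["ts"] for e in uploads + jsps).isoformat(),
        }
    return findings


if __name__ == "__main__":
    for ip, finding in sorted(assess(SAMPLE_ACCESS_LOG).items()):
        print(ip, finding["severity"], finding)
```

On the sample, 203.0.113.10 rates high (upload, then a root-level JSP taking a command parameter seventeen seconds later), 192.0.2.44 rates medium (a probe that got a 200 back), and the ordinary portal user at 198.51.100.7 is not reported at all. The medium tier is the one teams most often skip: a 2xx on an unauthenticated request to the uploader is itself evidence that the endpoint was reachable, and that a patch or a reverse-proxy block was needed regardless of whether a shell followed.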
Once inside a network, affiliates use tools including Cobalt Strike for post-exploitation, Mimikatz and DonPAPI for credential harvesting, PsExec and NetExec for lateral movement, PowerShell for Active Directory enumeration, and SmokeLoader and NETXLOADER for staging additional payloads.[5][4] In one documented case from May 2024, Darktrace observed more than 783 GB of data exfiltrated from a single U.S. enterprise to one external endpoint.[17]
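A transfer of that size to a single external endpoint is something network telemetry can catch on volume alone, without knowing which exfiltration tool was used. The following is an added example, not code from the page or from Darktrace: it aggregates flow records per (internal source, external destination) and flags a pair either when absolute bytes exceed a threshold or when one destination receives almost all of a host's external egress. The flow records are constructed, the addresses are reserved documentation ranges standing in for Internet hosts, and the internal ranges, thresholds and allowlist are assumptions a team would tune to its own environment.

```python
"""Flagging of bulk outbound transfers to a single external endpoint, the
exfiltration pattern noted above (hundreds of gigabytes from one host to
one destination). Added example, not code from the page or from Darktrace.

The flow records are CONSTRUCTED (CSV, bytes sent per flow); the Internet
addresses are reserved documentation ranges, and the internal ranges,
thresholds and allowlist are assumptions to tune per environment.
"""
import csv
import io
import ipaddress
from collections import defaultdict

GB = 10 ** 9
# Your own address space; Python's is_private would also treat the
# documentation ranges used below as private, so list the networks explicitly.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
VOLUME_THRESHOLD = 100 * GB      # absolute: this much to one external endpoint is abnormal
MIN_FOR_CONCENTRATION = 5 * GB   # ignore small talkers when applying the share rule
CONCENTRATION_SHARE = 0.8        # share of a host's external egress going to one endpoint

SAMPLE_FLOWS = """\
ts,src,dst,dst_port,bytes_out
2024-05-11T22:05:00Z,10.20.1.15,198.51.100.23,443,261000000000
2024-05-11T23:10:00Z,10.20.1.15,198.51.100.23,443,262000000000
2024-05-12T00:15:00Z,10.20.1.15,198.51.100.23,443,260500000000
2024-05-11T22:07:00Z,10.20.1.15,10.20.0.5,445,2100000000
2024-05-11T22:09:00Z,10.20.1.40,203.0.113.8,443,310000000
2024-05-11T22:30:00Z,10.20.1.40,203.0.113.9,443,280000000
2024-05-11T23:00:00Z,10.20.2.7,192.0.2.77,443,45000000000
"""


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def aggregate(flow_csv):
    """Sum bytes_out per (src, dst) for internal-to-external flows only."""
    totals = defaultdict(int)
    for row in csv.DictReader(io.StringIO(flow_csv)):
        if is_internal(row["src"]) and not is_internal(row["dst"]):
            totals[(row["src"], row["dst"])] += int(row["bytes_out"])
    return totals


def detect(flow_csv, allowlist=frozenset()):
    """Return findings sorted by bytes descending; each lists the rules it tripped.

    allowlist holds destinations that legitimately receive bulk data, such as
    the organisation's own backup target, so they do not trip the share rule.
    """
    totals = aggregate(flow_csv)
    egress_per_src = defaultdict(int)
    for (src, _dst), sent in totals.items():
        egress_per_src[src] += sent

    findings = []
    for (src, dst), sent in totals.items():
        if dst in allowlist:
            continue
        reasons = []
        if sent >= VOLUME_THRESHOLD:
            reasons.append("volume")
        share = sent / egress_per_src[src]
        if sent >= MIN_FOR_CONCENTRATION and share >= CONCENTRATION_SHARE:
            reasons.append("concentration")
        if reasons:
            findings.append({"src": src, "dst": dst, "bytes": sent,
                             "share": round(share, 3), "reasons": reasons})
    findings.sort(key=lambda f: f["bytes"], reverse=True)
    return findings


if __name__ == "__main__":
    for f in detect(SAMPLE_FLOWS, allowlist={"192.0.2.77"}):
        print(f"{f['src']} -> {f['dst']}: {f['bytes'] / GB:.1f} GB {f['reasons']}")
```

With the backup target allowlisted, the only finding is 10.20.1.15 sending 783.5 GB to one address over three hours, tripping both rules. Drop the allowlist and the 45 GB nightly backup from 10.20.2.7 is reported too, which is the practical lesson: the concentration rule is sensitive enough to catch exfiltration from a host that normally talks to many destinations, so the allowlist of sanctioned bulk destinations has to be maintained, or analysts will learn to ignore the alert.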
The infrastructure supporting Qilin operations is deliberately obscured through a layered network of bulletproof hosting providers. Resecurity's research traced Qilin's command-and-control infrastructure to a conglomerate of providers with shell companies registered across Hong Kong, Cyprus, Russia, and Kyrgyzstan — all connected through a director named Lenar Davletshin and entities including Chang Way Technologies Co. Limited, Starcrecium Limited, and OOO Red Byte.[23]
BEARHOST, a bulletproof hosting service advertised directly on Qilin's WikiLeaksV2 publication site, executed an exit scam in May 2025 — disappearing with customer funds while underlying legal entities continued operating.[23] The Aeza Group, a Russian BPH provider linked to Qilin infrastructure, was sanctioned by the U.S. Treasury Department in July 2025 for aiding ransomware groups and hosting illicit markets. Prior to that sanction, the FSB and St. Petersburg police raided an Aeza Group office located in a former Wagner Group business center.[23]
The Victims, and What the Targeting Tells Us
As of early 2026, Qilin has claimed more than 1,000 victims since 2022, making it one of the most prolific ransomware operations on record.[20][8] The United States accounts for the largest share, with over 333 confirmed victims as of late 2025, followed by Canada, the United Kingdom, France, and Germany.[8][5] In a single 30-day window, August 21 to September 21, 2025, the group claimed 70 attacks spanning governments, healthcare providers, schools, manufacturers, financial institutions, and nonprofits across multiple continents.[5]
The attack against Synnovis, a pathology and diagnostic services provider for NHS hospitals in London, stands as the highest-profile single attack. The June 2024 intrusion disrupted blood test processing and transfusion services across multiple NHS hospitals for months. It contributed to more than 170 documented patient harm incidents, two involving long-term or permanent damage, and was a contributing factor in the death of one patient.[22] The attackers demanded approximately $50 million. When the NHS refused to pay, Qilin published nearly 400 GB of patient data.
In September 2025, Qilin claimed the breach of Asahi Group Holdings, Japan's largest beverage manufacturer commanding nearly 40% of the national beer market.[23] The attack paralyzed digital order placement, shipping, and customer service systems across most of Asahi's 30 factories nationwide, forcing reversion to phone, fax, and handwritten order processing. New product launches were postponed. Nationwide shortages developed at major retailers. Resecurity reported Qilin operators were privately attempting to sell the stolen Asahi data for $10 million.[23]
October 2025 became one of Qilin's most active months, with the group publishing over 50 new victims from geographies spanning Croatia, Grenada, France, Germany, Hungary, Italy, South Korea, Spain, Pakistan, and Qatar.[23] Notable targets included Spain's Agencia Tributaria, Volkswagen Group France, electric cooperatives in Texas, and Richmond Behavioral Health Authority in Virginia. On October 10, Qilin claimed 8 terabytes of data from Shamir Medical Center, described in coverage as one of the largest hospitals in Israel, with a 72-hour ultimatum and a warning that law enforcement involvement would accelerate data release.[9][11]
In March 2026, Qilin posted a claim against Aroostook Mental Health Services, a rural community mental health provider in the northeastern United States. At the time of publication, no ransom demand or data samples had been publicly detailed, and the organization had not issued a statement.[20] The targeting of a small behavioral health organization serving a rural population fits a documented pattern: the group shows no discipline in avoiding organizations where data exposure causes maximum personal harm to individuals with limited resources to respond.
Healthcare was the most targeted sector globally in January 2026, with 27 incidents recorded in that month alone.[20] The sector's targeting by ransomware groups is not limited to Qilin — state-sponsored actors have also moved into healthcare ransomware as a revenue mechanism. A prior Qilin breach of Covenant Health, which began in May 2025, compromised data belonging to nearly 478,000 patients — exposed information including names, dates of birth, medical record numbers, Social Security numbers, and treatment details.[1]
The North Korea Factor and Multinational Affiliate Composition
One of the more significant and less widely examined aspects of Qilin is the documented involvement of North Korean actors as affiliates. Microsoft reported that actors from North Korea joined the Qilin operation at some point prior to late 2025. Halcyon's threat intelligence platform specifically identifies Moonstone Sleet — a known North Korean state actor — as among Qilin's strategic affiliations.[18][23]
This is operationally consistent with North Korean threat actor behavior. Groups operating under the DPRK's Lazarus umbrella have historically conducted financially motivated cybercrime — including ransomware — as a mechanism for generating hard currency in circumvention of international sanctions. Participation in a well-structured RaaS operation with an 80–85% affiliate payout model would be an attractive arrangement for state-sponsored hackers looking to maximize returns.[18]
The involvement of North Korean affiliates alongside Russian-speaking operators, Scattered Spider (believed to be primarily U.S. and UK-based), and affiliates drawn from the collapsed LockBit and RansomHub ecosystems means Qilin is a genuinely multinational criminal organization.[18][22] The affiliate model functionally enables this. The core operators do not need to coordinate geopolitics — they simply offer infrastructure and let affiliates from anywhere operate within the platform's rules.
Scattered Spider's involvement warrants specific attention. Known for highly effective social engineering, the group has previously worked with ALPHV/BlackCat, RansomHub, DragonForce, and ShinyHunters.[22] Its methods run to SIM swapping, MFA push fatigue ("MFA bombing"), and phone calls in which operators impersonate employees to help desk staff to obtain password and MFA resets, approaches that sidestep the technical controls that stop conventional phishing. Adding that capability to Qilin's encryption and exfiltration infrastructure creates a particularly potent combination.[18]
The Alliance with DragonForce and the New Cartel Architecture
Qilin does not exist in isolation. In 2025, researchers identified a loose alliance structure among DragonForce, Qilin, and remnants of LockBit — which Resecurity characterized as a structural echo of the original Maze ransomware cartel from 2019–2020. Maze was the first group to widely deploy double extortion as a tactic and pioneered the collaborative model where ransomware groups share victim data, tactics, and infrastructure.[23]
The current arrangement is less a formal cartel than a network of interoperating groups whose affiliates overlap, whose crypto payment infrastructure shares addresses, and whose recruiting pools draw from the same underground forums.[8] NCC Group's analysis noted that shared cryptocurrency cash-out addresses link Qilin to other groups through individual affiliates — complicating attribution significantly and making it harder to generate accurate threat intelligence reporting.[8]
This fragmentation and overlap is not a weakness in the ransomware ecosystem. It is a structural resilience feature. When law enforcement disrupts one group, the human talent and technical knowledge disperses into affiliated operations rather than disappearing from the threat landscape.[15]
What Defenders Are Facing
The practical defensive picture that emerges from accumulated research on Qilin is not comfortable. The group's affiliates exploit a broad range of initial access vectors, which means no single defensive control closes the door entirely.[6][14]
- Unpatched perimeter devices — particularly Fortinet and SAP products — remain high-priority targets[2][4]
- Phishing, including increasingly sophisticated pretexting by affiliates like Scattered Spider, continues as the most common initial access vector, and adversary-in-the-middle phishing kits that relay MFA prompts and capture session tokens have substantially lowered the bar for credential theft[16]
- Compromised MSP credentials, as documented in a 2025 Sophos incident involving ScreenConnect, create cascading downstream risk for all of an MSP's customers[4]
- Time to encryption is variable — Darktrace documented cases where the full cycle from initial access to ransom notes took less than 48 hours[17]
The deletion of shadow copies and Windows event logs on encryption, combined with the self-deletion of the ransomware binary, is specifically designed to complicate forensics and recovery.[7] Ransom demands against U.S. SLTT organizations have reached as high as $500,000, with victims reporting exfiltration of up to 500 GB of data.[4]
The addition of Qilin's in-house legal function to negotiation processes adds a layer of professional pressure that smaller organizations may not be equipped to handle.[2][15]
A Group That Outlasts Its Competition
The question researchers have begun asking about Qilin is the same one Barracuda's analysis posed: how long can it last?[22] The historical answer for ransomware groups is that they collapse under one of a small number of pressures: law enforcement disruption, internal conflict over geopolitics or a high-profile attack that draws government-level response, or an exit scam where leadership disappears with accumulated funds.
DarkSide collapsed after Colonial Pipeline triggered a whole-of-government U.S. response. REvil was dismantled by coordinated international law enforcement. Black Basta tore itself apart over internal conflicts around the Russia-Ukraine war and the Ascension Health attack — its internal chat logs eventually leaked publicly.[22]
Qilin has already navigated one of the primary risk factors. The Synnovis attack and resulting patient death drew significant media and government attention in the UK. The group's public response — blaming British foreign policy and expressing hollow regret for patient harm — was widely assessed as ineffective damage control. But the group did not collapse. It continued operating at increasing scale through 2025 and into 2026, accounting for 17% of all observed ransomware attacks globally in January 2026 — 108 attacks in that month alone.[8] By the week of January 20, 2026, Qilin was driving a 10.4% rise in weekly attack volume across the ransomware landscape.[24]
Several structural features make Qilin resilient. The RaaS model means that disrupting the core operator group may not disable the affiliate network.[16] The bulletproof hosting infrastructure, distributed across jurisdictions to resist law enforcement, has proven resistant to individual enforcement actions.[23] And the group's financial incentive structure, the most generous in the ecosystem, continues to attract and retain affiliates.[5]
The Institutional Lesson
Qilin is not the first ransomware group to operate at scale, and it will not be the last. But it represents something worth studying beyond its technical indicators: the maturation of criminal ransomware operations into genuinely institutional entities with the full apparatus of a business.[3][14]
- HR: affiliate recruitment and retention with market-leading payout rates[5]
- Legal: in-house counsel available on demand during ransom negotiations[2]
- Marketing: in-house journalists and branded dark web leak sites[15]
- Product: continuous platform updates on a recurring release cycle[7]
- Finance: cryptocurrency infrastructure and multi-million-dollar data sales[23]
This institutionalization changes what defenders need to think about. Technical controls alone cannot solve an institutional problem. The organizations being targeted are facing an adversary that has thought carefully about their weaknesses — not just their security weaknesses, but their legal exposure, their public relations vulnerabilities, their pressure points for ransom payment, and the specific characteristics of their industry that make disruption maximally painful.[7][14]
Defending against that requires organizational thinking to match it. Incident response plans that include legal counsel, communications teams, and executive decision-making frameworks. Tabletop exercises that go beyond technical response to encompass scenarios where a lawyer appears in the negotiation chat, where a 72-hour countdown is running, and where patient data publication is the stated consequence of non-payment. Backup strategies that account for the specific targeting of shadow copies. Network segmentation that assumes lateral movement will be attempted by a human adversary who has done reconnaissance and knows where the domain controllers are.[7][22]
Qilin has built a machine for extracting money from organizations by understanding those organizations. The response has to operate at the same level of institutional seriousness.
Indicators of compromise, MITRE ATT&CK mappings, and detailed technical analysis are available through U.S. HHS, MS-ISAC, and the CISA advisory archives. The Qilin threat profile (TLP:CLEAR) published by the Health Sector Cybersecurity Coordination Center (HC3) is a recommended starting point for security teams building detection rules.[6]
Frequently Asked Questions
What is Qilin ransomware?
Qilin is a Ransomware-as-a-Service (RaaS) operation first observed in mid-2022 under the name Agenda. Believed to be operated by Russian-speaking cybercriminals, it lets affiliates conduct ransomware attacks using its platform, with the core operators keeping a 15–20% cut of each ransom payment. Qilin has claimed over 1,000 victims across more than 25 countries as of early 2026.
How does Qilin ransomware work?
Qilin affiliates gain initial access through phishing, exploiting unpatched VPN and firewall vulnerabilities (such as CVE-2024-21762 in Fortinet devices), or compromised credentials. Once inside, they use tools like Cobalt Strike and Mimikatz for lateral movement and credential harvesting, exfiltrate data, then deploy ransomware encrypting files using AES-256-CTR. Qilin uses double extortion — demanding payment both to decrypt files and to prevent publication of stolen data on its dark web leak site.
Who are Qilin's most notable victims?
Qilin's highest-profile attack was against Synnovis, an NHS pathology provider in London, in June 2024 — disrupting blood transfusion services and contributing to more than 170 patient harm incidents and one patient death. Other major victims include Asahi Group Holdings (Japan's largest brewer, September 2025), Spain's Agencia Tributaria, Shamir Medical Center in Israel, Covenant Health (478,000 patients affected), and numerous U.S. state and local government entities.
What makes Qilin different from other ransomware groups?
Qilin operates as a fully institutionalized criminal enterprise. Unlike typical ransomware groups, it offers affiliates an in-house legal team via a "Call Lawyer" button, in-house journalists for negotiation pressure, petabyte-scale data storage, DDoS capabilities, and automated ransom negotiation tools. Its affiliate payout rate of 80–85% is among the highest in the ecosystem, enabling rapid recruitment of experienced operators from collapsed platforms like LockBit and RansomHub.
Is Qilin linked to North Korea?
Yes. Microsoft reported that North Korean threat actors joined Qilin as affiliates. Halcyon's threat intelligence platform specifically identifies Moonstone Sleet — a known North Korean state-sponsored actor — among Qilin's strategic affiliations. Qilin also has affiliates including Scattered Spider (U.S. and UK-based) and former LockBit and RansomHub operators, making it a genuinely multinational criminal organization.
How can organizations defend against Qilin ransomware?
Key defenses include patching perimeter devices immediately (especially Fortinet FortiGate and SAP NetWeaver), enforcing multi-factor authentication on all remote access, maintaining immutable offline backups (Qilin specifically targets Windows Volume Shadow Copies), segmenting networks to limit lateral movement, deploying EDR solutions to catch pre-encryption activity, and running tabletop exercises that include legal counsel and executive decision-making — not just technical response.
What is the Qilin affiliate payment structure?
Qilin affiliates receive 80% of ransom payments below $3 million and 85% of payments above $3 million. The core operators retain 15–20% and handle data publication and ransom negotiations. This rate is among the most generous in the RaaS ecosystem and is a key driver of Qilin's rapid growth following the disruption of competing platforms.
Sources
- [1] Qilin (cybercrime group) Wikipedia en.wikipedia.org/wiki/Qilin_(cybercrime_group)
- [2] Qilin Emerged as The Most Active Group, Exploiting Unpatched Fortinet Vulnerabilities Cyber Security News cybersecuritynews.com/qilin-emerged-as-the-most-active-group/
- [3] Qilin – Threat Actor Profile Analyst1 (Anastasia Sentsova, Sep 2025) analyst1.com/threat-actors/qilin-threat-actor-profile/
- [4] Qilin: Top Ransomware Threat to SLTTs in Q2 2025 Center for Internet Security (CIS) / MS-ISAC, Sep 2025 cisecurity.org/insights/blog/qilin-top-ransomware-threat-to-sltts-in-q2-2025
- [5] Ransomware Threat Actor Profile: Qilin KELA Cyber Intelligence Center (updated Dec 2025) kelacyber.com/blog/ransomware-threat-actor-profile-qilin/
- [6] Qilin Threat Profile (TLP:CLEAR) U.S. Dept of Health & Human Services — Health Sector Cybersecurity Coordination Center (HC3) hhs.gov/sites/default/files/qilin-threat-profile-tlpclear.pdf
- [7] Qilin Ransomware Explained: Threats, Risks & Defenses Qualys Threat Research, Jun 2025 blog.qualys.com/vulnerabilities-threat-research/2025/06/18/qilin-ransomware-explained-threats-risks-defenses
- [8] Qilin crew continues to dominate ransomware ecosystem Computer Weekly / NCC Group, Feb 2026 computerweekly.com/news/366639339/Qilin-crew-continues-to-dominate-ransomware-ecosystem
- [9] Major Israeli hospital hit by Qilin ransomware attack Cyber Daily, Oct 2025 cyberdaily.au/security/12726-major-israeli-hospital-hit-by-qilin-ransomware-attack
- [10] Qilin Ransomware Strikes Again: XCAssociates Falls Victim Undercode News / ThreatMon, Sep 2025 undercodenews.com/qilin-ransomware-strikes-again-xcassociates-falls-victim/
- [11] Qilin Ransomware Group Lists 54 New Victims in Global Attack Spree Daily Dark Web dailydarkweb.net/qilin-ransomware-group-lists-54-new-victims-in-global-attack-spree/
- [12] Threat Actor Profile: Qilin Ransomware Group Cyble, Mar 2025 cyble.com/threat-actor-profiles/qilin-ransomware-group/
- [13] Qilin: Top Ransomware Threat to SLTTs in Q2 2025 (Portal) CIS Security Portal portal.cisecurity.org/insights/articles/qilin-top-ransomware-threat-to-sltts-in-q2-2025
- [14] Threat Actors Intelligence Report: Qilin Ransomware Securin securin.io/articles/threat-actors-intelligence-report-qilin-ransomware
- [15] Ransomware Gangs Collapse as Qilin Seizes Control Cybereason cybereason.com/blog/threat-alert-qilin-seizes-control
- [16] Qilin Threat Actor Profile: TTPs, IOCs & Attacks Huntress Threat Library huntress.com/threat-library/threat-actors/qilin
- [17] Qilin RaaS: Darktrace Detection Insights Darktrace (Alexandra Sentenac), Jul 2024 darktrace.com/blog/a-busy-agenda-darktraces-detection-of-qilin-ransomware-as-a-service-operator
- [18] Qilin Threat Group Profile Halcyon AI halcyon.ai/threat-group/qilin
- [19] Threat Actor: Qilin Ransomware FortiGuard Labs fortiguard.com/threat-actor/6254/qilin-ransomware
- [20] Ransomware Group Qilin Claims Attack on Rural Mental Health Provider, Records at Risk Prism News, Mar 2026 prismnews.com/news/ransomware-group-qilin-claims-attack-on-rural-mental-health
- [21] Dark Web Profile: Qilin (Agenda) Ransomware SOCRadar, Nov 2025 socradar.io/blog/dark-web-profile-qilin-agenda-ransomware/
- [22] Qilin ransomware is growing, but how long will it last? Barracuda Networks Blog (Christine Barry), Jul 2025 blog.barracuda.com/2025/07/18/qilin-ransomware-growing
- [23] Qilin Ransomware and the Ghost Bulletproof Hosting Conglomerate Resecurity, Oct 2025 resecurity.com/blog/article/qilin-ransomware-and-the-ghost-bulletproof-hosting-conglomerate
- [24] Qilin Ramps Up Activity Amid 10.4% Weekly Ransomware Surge Ransom-DB, Jan 2026 ransom-db.com/blog/weekly-ransomware-trends-qilin-surge-jan-2026
- [25] Qilin Ransomware — A Double Extortion Campaign Cyber Florida at USF cyberflorida.org/qilin-ransomware-a-double-extortion-campaign/
- [26] Google News — Qilin ransomware coverage overview Google News news.google.com (Qilin ransomware story cluster)
- [27] Qilin Ransomware Combines Linux Payload With BYOVD Exploit in Hybrid Attack The Hacker News (via TechNews), Oct 2025 thehackernews.com — Qilin BYOVD hybrid attack
- [28] New Qilin Ransomware Attack Uses VPN Credentials, Steals Chrome Data The Hacker News, Aug 2024 thehackernews.com/2024/08/new-qilin-ransomware-attack-uses-vpn.html
- [29] Qilin Ransomware Leads The Attack Landscape With 70+ Claimed Victims Cyber Security News, Jul 2025 cybersecuritynews.com/qilin-ransomware-leads-the-attack-landscape/
- [30] Qilin Leads April 2025 Ransomware Spike with 45 Breaches Using NETXLOADER Malware All Tech News, Apr 2025 alltech.news — Qilin April 2025 NETXLOADER