The cybercriminal group Qilin, operating under a ransomware-as-a-service model, has just published a new wave of victims on its leak site. Among them are the Spanish tax agency (Agencia Tributaria), the French municipalities of Saint-Claude and Elne, as well as companies like Centurion Family Office Services and Rasi Laboratories in the United States.
The group also claims attacks on Volkswagen France, Turnkey Africa, and organizations such as the New Jersey Property-Liability Insurance Guaranty Association. These incidents affect a wide range of sectors: public institutions, the automotive industry, insurance, healthcare, and finance.
A refined and aggressive strategy
An investigation by Resecurity reveals that Qilin hosts its operations through offshore infrastructure resistant to takedowns. This strategy aims to evade law enforcement and keep their leak site online to increase media pressure on victims. The group also appears to be accelerating data leaks to push victims to pay quickly, with little room for negotiation.
We also recommend reading our article on securing your Docker containers!