The Gentlemen Overtakes Qilin as Most Prolific Ransomware Threat
Analysis of ransomware incidents by ReliaQuest indicates a shift in the ransomware landscape
Qilin is a ransomware operation whose coverage examines reported incidents, technical analysis, disruption efforts, and defensive guidance for organizations.
Search across headline titles and summaries.
Background for this topic.
Qilin is a ransomware family and criminal operation, also reported under the name Agenda. The tag covers reported intrusions attributed to Qilin, technical analysis of its encryptors and supporting infrastructure, disruption efforts, and practical defensive guidance. Reports can differ in confidence, so attribution should be checked against malware behavior, infrastructure evidence, and reliable incident reporting rather than a ransom note alone.
For defenders, Qilin-related coverage is most useful for identifying file-encryption activity, validating detection and containment procedures, and tracking changes between samples or campaigns. Priorities include promptly remediating internet-facing vulnerabilities, restricting and monitoring remote administration, protecting privileged credentials, and maintaining offline or otherwise isolated backups that are regularly tested. During a suspected incident, isolate affected systems, preserve logs and forensic evidence, and avoid destroying indicators that can support scoping, recovery, and notification decisions.
Weekly headline count for the current query.
Analysis of ransomware incidents by ReliaQuest indicates a shift in the ransomware landscape
The ransomware landscape is reconsolidating around major players, with Qilin emerging as the leading RaaS operation, researchers say
Check Point says a critical vulnerability in its Remote Access VPN and Mobile Access solutions has been exploited by Qilin
Qilin, Akira and Dragonforce were responsible for 40% of 672 ransomware incidents reported in March, says Check Point
Hastalamuerte leaks The Gentlemen RaaS ops: FortiGate exploits, BYOVD evasion, Qilin split tactics
Qilin group ransomware incidents have surged in SMBs, exploiting security gaps and collaborating with Scattered Spider threat group
Qilin ransomware activity has surged in late 2025, threatening data leaks via double extortion tactics
The Qilin group claims to have stolen sensitive personal and proprietary data from the Brewer
The Qilin ransomware gang has claimed attacks at Mecklenburg County Public Schools, stealing financial records and childrens’ medical files
The group positions itself “not just as a ransomware group, but as a full-service cybercrime platform”, according to Cybereason
Browser credential harvesting is an unusual activity for a ransomware group
Synnovis has rebuilt “substantial parts” of its systems following the Qilin ransomware attack on June 3, enabling the restoration of core blood supplies to NHS hospitals
Qilin’s attack on Synnovis severely impacted key NHS hospitals in London earlier this month
Ransomware group Qilin has reportedly published nearly 400GB of data stolen following the attack on NHS provider Synnovis in early June
Group-IB's threat intelligence team said it infiltrated and analyzed Qilin's inner workings
Victim companies have a combined revenue of around $550m