The Gentlemen Overtakes Qilin as Most Prolific Ransomware Threat
Analysis of ransomware incidents by ReliaQuest indicates a shift in the ransomware landscape
Qilin is a ransomware operation whose coverage examines reported incidents, technical analysis, disruption efforts, and defensive guidance for organizations.
Search across headline titles and summaries.
Background for this topic.
Qilin is a ransomware family and criminal operation, also reported under the name Agenda. The tag covers reported intrusions attributed to Qilin, technical analysis of its encryptors and supporting infrastructure, disruption efforts, and practical defensive guidance. Reports can differ in confidence, so attribution should be checked against malware behavior, infrastructure evidence, and reliable incident reporting rather than a ransom note alone.
For defenders, Qilin-related coverage is most useful for identifying file-encryption activity, validating detection and containment procedures, and tracking changes between samples or campaigns. Priorities include promptly remediating internet-facing vulnerabilities, restricting and monitoring remote administration, protecting privileged credentials, and maintaining offline or otherwise isolated backups that are regularly tested. During a suspected incident, isolate affected systems, preserve logs and forensic evidence, and avoid destroying indicators that can support scoping, recovery, and notification decisions.
Weekly headline count for the current query.
Analysis of ransomware incidents by ReliaQuest indicates a shift in the ransomware landscape
Ransomware remains above 1,400 attacks yearly since 2023. Qilin leads in 2026, while the U.S. remains the main target. Ransomnews has independently confirmed 9,291 ransomware attacks worldwide between January 2018 and July 2026, tracking incidents only when verified through victim disclosures, regulatory filings, official statements, or credible press reporting. Leak-site listings alone don’t qualify, operators […]
The ransomware landscape is reconsolidating around major players, with Qilin emerging as the leading RaaS operation, researchers say
A new analysis of The Gentlemen operation has revealed that the financially motivated threat group initially operated as an affiliate responsible for conducting double extortion attacks, while leveraging resources from various ransomware-as-a-service (RaaS) schemes like LockBit (aka Tenacious Mantis), Qilin (aka Pestilent Mantis), and Medusa (aka Venomous Mantis)
Check Point says a critical vulnerability in its Remote Access VPN and Mobile Access solutions has been exploited by Qilin
Two years on from ransomware attack, hospitals are still trying to identify and warn patients
CISA has ordered U.S. government agencies to secure their Check Point Remote Access VPN and Mobile Access deployments against a critical vulnerability exploited in zero-day attacks by Qilin ransomware affiliates. [...]
A newly discovered, critical zero-day vulnerability is under attack; a Qilin ransomware affiliate has been blamed for at least one incident.
Scumbags, including a Qilin ransomware affiliate, began hitting this hole May 7
Israeli cybersecurity company Check Point has released security updates to patch a critical flaw affecting Remote Access VPN and Mobile Access deployments, which was exploited in zero-day attacks. [...]
Cushman & Wakefield activated incident response protocols after serial extortionists issued separate threats
Cushman & Wakefield activated incident response protocols after serial extortionists issued separate threats Real estate giant Cushman & Wakefield has confirmed a data breach after two cybercrime groups, ShinyHunters and Qilin, separately claimed responsibility for attacks on the company.…
Qilin, Akira and Dragonforce were responsible for 40% of 672 ransomware incidents reported in March, says Check Point
Threat actors associated with Qilin and Warlock ransomware operations have been observed using the bring your own vulnerable driver (BYOVD) technique to silence security tools running on compromised hosts, according to findings from Cisco Talos and Trend Micro
The Qilin ransomware group has claimed responsibility for an attack against Die Linke ('The Left'), forcing an IT systems outage at the political party, and threatening sensitive data leak. [...]
Hastalamuerte leaks The Gentlemen RaaS ops: FortiGate exploits, BYOVD evasion, Qilin split tactics
Romania's national oil pipeline operator, Conpet S.A., confirmed that the Qilin ransomware gang stole company data in an attack last week. [...]
Ransomware Gang Qilin Had Claimed It Stole 852 GB of Health System's DataNearly half a million patients of a Catholic healthcare network that serves New England and parts of Pennsylvania began the new year by receiving notifications that hackers may have stolen their health information in a May 2025 hacking incident.
Also, Dutch Defend the Nexperia Takeover, Hikvision Challenges FCC, Qilin StrikesThis week, likely North Korean hackers exploited React2Shell. The Dutch government defended its seizure of Nexperia. Prompt injection may be here to stay. Hikvision pushed back against a new U.S. crackdown. Qilin claimed it hacked Scientology, Microsoft Patch Tuesday and MuddyWater activity.
Inotiv Tells SEC 'It's Still Evaluating Full Impact and Notifying Breach Victims'Drug research firm Inotiv in a filing with federal regulators said it is still evaluating the financial and operational impact of an August cyberattack that's linked to ransomware gang Qilin. The company is also notifying nearly 10,000 people whose data was allegedly stolen in the incident.