Just Three Ransomware Gangs Accounted for 40% of Attacks Last Month
Qilin, Akira and Dragonforce were responsible for 40% of 672 ransomware incidents reported in March, says Check Point
Qilin is a ransomware operation whose coverage examines reported incidents, technical analysis, disruption efforts, and defensive guidance for organizations.
Search across headline titles and summaries.
Background for this topic.
Qilin is a ransomware family and criminal operation, also reported under the name Agenda. The tag covers reported intrusions attributed to Qilin, technical analysis of its encryptors and supporting infrastructure, disruption efforts, and practical defensive guidance. Reports can differ in confidence, so attribution should be checked against malware behavior, infrastructure evidence, and reliable incident reporting rather than a ransom note alone.
For defenders, Qilin-related coverage is most useful for identifying file-encryption activity, validating detection and containment procedures, and tracking changes between samples or campaigns. Priorities include promptly remediating internet-facing vulnerabilities, restricting and monitoring remote administration, protecting privileged credentials, and maintaining offline or otherwise isolated backups that are regularly tested. During a suspected incident, isolate affected systems, preserve logs and forensic evidence, and avoid destroying indicators that can support scoping, recovery, and notification decisions.
Qilin, Akira and Dragonforce were responsible for 40% of 672 ransomware incidents reported in March, says Check Point
Threat actors associated with Qilin and Warlock ransomware operations have been observed using the bring your own vulnerable driver (BYOVD) technique to silence security tools running on compromised hosts, according to findings from Cisco Talos and Trend Micro