"Infiltration of Qilin Reveals Customizable Nature of RaaS Marketplace"

The Russia-aligned Ransomware-as-a-Service (RaaS) group Qilin offers its affiliates sophisticated, user-friendly tools to trap their victims, as well as a significant portion of the proceeds they steal. Qilin, also known as Agenda ransomware, was first identified by Trend Micro in August 2022. The group has been targeting companies in the healthcare and education sectors. After infiltrating Qilin's operations, Group-IB recently revealed previously unknown information about the group's inner workings, including its claim to have compromised at least 12 victims since July 2022. The group provides affiliates with highly flexible tools to manage attacks on organizations. According to threat intelligence analyst Nikolay Kichatov, the RaaS provider recently switched from a solution written in the Go programming language to Rust-based ransomware that makes it easier to tailor attacks to Windows, Linux, and other operating system environments. Many Qilin ransomware attacks are customized in order to optimize their impact on each victim. Kichatov added that this customization and optimization involves modifying filename extensions of encrypted files and terminating specific processes and services. Group-IB threat intelligence researchers analyzed the affiliate program and found a six-section admin interface. This article continues to discuss researchers' findings and observations regarding the Qilin RaaS group.

SC Media reports "Infiltration of Qilin Reveals Customizable Nature of RaaS Marketplace"

Submitted by Anonymous on