"Group-IB: Qilin Affiliates Receive Up to 85% Of Each Ransomware Payout"

In March 2023, Group-IB researchers infiltrated the Qilin ransomware group and discovered that affiliates received 80 to 85 percent of each ransomware payout. The researchers infiltrated Tox, an encrypted messaging app used by members of the Qilin ransomware group. They listened in on private conversations with a Qilin recruiter named Haise, who was identified as a member of another dark web group called RAMP. Qilin is a cyber extortion gang that operates a Ransomware-as-a-Service (RaaS) program. The group practices double extortion, demanding a ransom in exchange for a decryptor to access files on encrypted devices, and threatening to publish sensitive information on its data leak website unless the ransom is paid. Between July 2022 and May 2023, Qilin listed 12 organizations on its data leak website. The ransomware group uses Rust-based malware, which is difficult to detect due to the programming language's robust cryptographic properties. Before transitioning to Rust, the group initially developed the malware in the Go programming language. Many Qilin ransomware attacks are customized to maximize their impact on each victim. The group claims it does not target the Commonwealth of Independent States (CIS), which includes Russia and former Soviet states, thus leading Group-IB to believe the Qilin ransomware is pro-Russian. This article continues to discuss Group-IB researchers' findings regarding the Qilin ransomware group.

CPO Magazine reports "Group-IB: Qilin Affiliates Receive Up to 85% Of Each Ransomware Payout"
