Summary
This document is a technical report detailing the threat profile of Qilin ransomware, first identified in July 2022. It operates as a Ransomware-as-a-Service (RaaS), where affiliates earn a significant percentage of ransom payments based on the amount demanded. The report outlines the operational methods of Qilin, including its double extortion technique, which involves data encryption and exfiltration. It frequently targets the industrial sector, particularly in North America. The report also discusses the known vulnerabilities exploited by Qilin, its associations with other threat actors, and the tools utilized in its operations. Additionally, it describes the variations of the ransomware, including the use of different programming languages and encryption methods. The report concludes with an overview of the evolving tactics of Qilin affiliates and their impact on the ransomware landscape, indicating a potential increase in activity in the near future.
