New Qilin.B Ransomware Strain Unleashes Stronger Encryption and Advanced Evasion Tactics in Latest Attacks

A new variant of the Qilin (Agenda) ransomware, known as Qilin.B, has been discovered with enhanced encryption methods, improved evasion techniques, and capabilities to disrupt data recovery. This strain targets both Windows and network systems, making it a serious threat to enterprises across various sectors.

  • Qilin.B uses AES-256-CTR encryption, accelerated with AES-NI on supported CPUs, and ChaCha20 on older systems.
  • RSA-4096 with OAEP padding protects the encryption keys, making decryption nearly impossible without the private key.
  • Disrupts data recovery mechanisms by terminating services like Veeam, SQL, and Volume Shadow Copy, and clears Windows Event Logs for stealth.
  • Targets local directories and network folders, adding autorun keys and ransom notes for each folder encrypted.

  • Qilin.B deletes its binary after encryption and can persist through Windows Registry modifications.
  • Previous Qilin variants have been used in significant attacks on healthcare, court services, and automotive industries.
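
The service-termination and log-clearing behaviour listed above can be hunted for by correlating the two on the same host. The following is an added example, not code from the original report: the record layout, the 10-minute window and the sample events are constructed, the service-name fragments come from the list above, and it assumes events are forwarded to a central collector before the local log is cleared.

```python
from datetime import datetime, timedelta

# Service-name fragments taken from the article's list of terminated services.
RECOVERY_SERVICES = ("veeam", "sql", "volume shadow copy")
# Windows event IDs: 7036 = service changed state (Service Control Manager),
# 1102 = Security audit log cleared, 104 = an event log (e.g. System) cleared.
SERVICE_STATE, LOG_CLEARED = 7036, {1102, 104}
WINDOW = timedelta(minutes=10)  # assumed correlation window, tune per environment

# Constructed sample records (host, time, event ID, message); not real telemetry.
SAMPLE_EVENTS = [
    ("FS01", "2024-01-01T02:11:05", 7036, "The Veeam Backup Service service entered the stopped state."),
    ("FS01", "2024-01-01T02:11:07", 7036, "The SQL Server (MSSQLSERVER) service entered the stopped state."),
    ("FS01", "2024-01-01T02:11:09", 7036, "The Volume Shadow Copy service entered the stopped state."),
    ("FS01", "2024-01-01T02:14:30", 1102, "The audit log was cleared."),
    ("FS01", "2024-01-01T02:14:31", 104, "The System log file was cleared."),
    ("WS07", "2024-01-01T09:00:00", 7036, "The SQL Server (MSSQLSERVER) service entered the stopped state."),
    ("WS07", "2024-01-01T09:01:00", 7036, "The SQL Server (MSSQLSERVER) service entered the running state."),
    ("DC02", "2024-01-01T14:00:00", 1102, "The audit log was cleared."),
]

def is_recovery_stop(event_id, message):
    """True for a 7036 'stopped' event naming a backup/recovery-related service."""
    text = message.lower()
    return (event_id == SERVICE_STATE and "entered the stopped state" in text
            and any(name in text for name in RECOVERY_SERVICES))

def detect(events, min_stops=2):
    """Map host -> finding where >= min_stops recovery services stopped and
    an event log was cleared within WINDOW afterwards (first clear per host)."""
    parsed = sorted((datetime.fromisoformat(ts), host, eid, msg)
                    for host, ts, eid, msg in events)
    stops, findings = {}, {}
    for when, host, event_id, message in parsed:
        if is_recovery_stop(event_id, message):
            stops.setdefault(host, []).append((when, message))
        elif event_id in LOG_CLEARED and host not in findings:
            recent = [m for t, m in stops.get(host, []) if when - t <= WINDOW]
            if len(recent) >= min_stops:
                findings[host] = {"cleared_at": when.isoformat(), "stopped": recent}
    return findings

if __name__ == "__main__":
    for host, finding in detect(SAMPLE_EVENTS).items():
        print(host, finding["cleared_at"], len(finding["stopped"]), "recovery services stopped")
```

A single SQL restart (WS07) or an isolated log clear (DC02) does not fire; only the combination on one host within the window does.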

The evolution of ransomware like Qilin.B emphasizes the need for advanced security measures to protect against emerging threats. Net Protector Cyber Security offers robust solutions like Total Security and Z-Security for Servers to safeguard critical systems, prevent data loss, and provide strong protection against encryption-based attacks. These tools ensure that enterprises can defend against the most sophisticated ransomware while maintaining system resilience.