Ransomware alert infographic: Qilin icon using MSPaint and Notepad to scan files, arrows to encrypted data; protective shields for segmentation and monitoring, with "Secure Your Network" warning banner over a Windows desktop.

Qilin (formerly Agenda), active since 2022, has become a top ransomware threat, posting over 40 victims monthly and targeting sectors like manufacturing (23%) and professional services (18%). It employs double extortion, using a leak site to pressure victims into paying, with a focus on the US, Canada, and Europe.

The group abuses legitimate Windows tools such as MSPaint and Notepad to scan for sensitive files, which helps it evade detection. Attacks start with VPN breaches, then proceed through reconnaissance with built-in tools, credential theft via Mimikatz, and lateral movement, culminating in dual encryptors and exfiltration via Cyberduck.

To defend against this, maintain an asset inventory, segment privileges, and monitor for unusual application behavior. Qilin's agile tactics demand proactive security to counter evolving ransomware threats.
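
One way to monitor for the application behavior described above, as an added example that is not part of the original article: it flags an account that opens many distinct files through Notepad or MSPaint in a short window, and any launch of Cyberduck. The event fields (modelled on Sysmon Event ID 1), the window, the threshold and the sample events are assumptions constructed for illustration.

```python
import ntpath
import re
from collections import defaultdict
from datetime import datetime, timedelta

VIEWERS = {"mspaint.exe", "notepad.exe"}  # built-in tools named in the article
TRANSFER = {"cyberduck.exe"}              # transfer client named in the article
WINDOW = timedelta(minutes=10)            # assumption: tune to your environment
THRESHOLD = 5                             # assumption: distinct files per window

def _evt(ts, host, user, cmdline):
    return {"time": datetime.fromisoformat(ts), "host": host, "user": user, "cmdline": cmdline}

N, P = r'"C:\Windows\System32\notepad.exe" ', r"C:\Windows\System32\mspaint.exe "
# Constructed sample process-creation events (not real telemetry).
EVENTS = [
    _evt("2025-01-10T02:14:00", "FS01", r"CORP\svc_backup", N + r"\\fs01\hr\payroll_2024.txt"),
    _evt("2025-01-10T02:14:40", "FS01", r"CORP\svc_backup", P + r"\\fs01\legal\contract_scan.png"),
    _evt("2025-01-10T02:15:10", "FS01", r"CORP\svc_backup", N + r"\\fs01\it\vpn_accounts.txt"),
    _evt("2025-01-10T02:16:05", "FS01", r"CORP\svc_backup", P + r'"\\fs01\finance\bank letter.jpg"'),
    _evt("2025-01-10T02:17:30", "FS01", r"CORP\svc_backup", N + r"\\fs01\it\passwords.txt"),
    _evt("2025-01-10T02:25:00", "FS01", r"CORP\svc_backup", r'"C:\Users\svc_backup\Downloads\cyberduck.exe"'),
    _evt("2025-01-10T09:30:00", "WS07", r"CORP\alice", N + r"C:\Users\alice\notes.txt"),
    _evt("2025-01-10T09:31:00", "WS07", r"CORP\alice", "notepad.exe"),
]

def split_cmdline(cmdline):
    """Return (lowercased executable name, file argument with quotes removed)."""
    m = re.match(r'\s*("[^"]*"|\S+)\s*(.*)', cmdline)
    if not m:
        return "", ""
    exe = ntpath.basename(m.group(1).strip('"')).lower()
    return exe, m.group(2).strip().strip('"')

def detect(events):
    alerts, opened = [], defaultdict(list)  # (host, user) -> [(time, file)]
    for e in sorted(events, key=lambda ev: ev["time"]):
        exe, target = split_cmdline(e["cmdline"])
        key = (e["host"], e["user"])
        if exe in TRANSFER:
            alerts.append(("transfer_tool", *key, exe))
        elif exe in VIEWERS and target:
            # Keep only opens inside the sliding window, then add this one.
            recent = [(t, f) for t, f in opened[key] if e["time"] - t <= WINDOW]
            recent.append((e["time"], target.lower()))
            opened[key] = recent
            if len({f for _, f in recent}) >= THRESHOLD:
                alerts.append(("viewer_file_sweep", *key, exe))
                opened[key] = []  # reset so one sweep raises one alert
    return alerts
```

On hosts where Cyberduck is an approved tool, replace the unconditional `transfer_tool` alert with an allow list keyed on host or user.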


NPAV offers a robust solution to combat cyber fraud. Protect yourself with our top-tier security product, Z Plus Security.