In a significant shift within the cybercriminal ecosystem, the Qilin ransomware group surged to prominence in April 2025, orchestrating 74 cyber attacks globally, according to the latest threat intelligence report. This dramatic rise follows the unexpected disappearance of RansomHub, which had dominated the ransomware landscape since early 2024 but claimed just three attacks in April before its data leak site went offline.

While the United States remained the most targeted country with 234 ransomware attacks overall in April, Qilin established itself as a formidable threat across multiple continents. The global number of ransomware attacks actually declined to 450 in April from 564 in March, the lowest level since November 2024. However, analysts caution that this temporary dip likely reflects the transitional period as affiliates realign with emerging RaaS leaders rather than any sustainable decrease in ransomware threat activity.

Cyble researchers identified a concerning pattern in Qilin’s operational tactics, noting the group’s particular emphasis on data exfiltration prior to encryption. This “double extortion” approach has become increasingly refined in their recent campaigns, with the group claiming to have stolen over 1.1TB of data from a France-based transportation software provider and approximately 1TB from a major South Korean industrial conglomerate in April alone. Qilin’s attack chain, from initial access to data encryption, highlights the critical 4-hour window typically observed between initial compromise and ransomware deployment. Qilin’s ransomware demonstrates advanced evasion capabilities, including detecting virtualized environments and terminating itself if analysis tools are present.

The emergence of Qilin as April’s leading ransomware threat signals the continued evolution of the ransomware landscape, with new actors quickly filling voids left by departed groups and demonstrating increasingly sophisticated technical capabilities.

This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 08 May 2025 02:35:01 +0000