Qilin Ransomware Gang Uses Ghost Bulletproof Hosting to Evade Takedowns

The Qilin ransomware group has adopted advanced evasion techniques by leveraging ghost bulletproof hosting services to maintain their malicious infrastructure. These hosting providers are notorious for ignoring abuse complaints, allowing ransomware operators to keep their servers online despite takedown attempts. This strategy significantly complicates efforts by cybersecurity defenders and law enforcement to disrupt ransomware campaigns.

Qilin ransomware has been active in targeting organizations globally, encrypting data and demanding hefty ransoms. Their use of ghost bulletproof hosting enhances their resilience and operational security, making it harder to trace and shut down their command-and-control servers. This development underscores the evolving tactics of ransomware groups to sustain their operations under increased scrutiny.

Organizations are urged to strengthen their cybersecurity posture by implementing robust backup strategies, network segmentation, and continuous monitoring to detect ransomware activities early. Collaboration between private sector cybersecurity teams and law enforcement is critical to counter these sophisticated threat actors effectively. The rise of ghost bulletproof hosting as a tool for ransomware gangs like Qilin highlights the need for improved international cooperation and stricter regulations on hosting providers to prevent abuse. Cybersecurity communities must stay vigilant and share intelligence to mitigate the impact of such resilient ransomware operations.

This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 16 Oct 2025 14:05:08 +0000


Cyber News related to Qilin Ransomware Gang Uses Ghost Bulletproof Hosting to Evade Takedowns

10 Best Ransomware Protection Tools - 2025 - It protects devices from ransomware and other cyber threats using advanced threat intelligence, behavioral analysis, and cloud-based technology. It monitors and prevents ransomware assaults on personal files and automatically restores encrypted ...
8 months ago Cybersecuritynews.com
10 Best Ransomware File Decryptor Tools in 2025 - Kaspersky Rakhni Decryptor contains different decryption tools based on various versions of Rakhni ransomware and helps you decrypt encrypted files on your system. PyLocky Ransomware Decryption Tool is a free and open source developed and released by ...
7 months ago Cybersecuritynews.com
Russian bulletproof hosting service Aeza Group sanctioned by US for ransomware work | The Record from Recorded Future News - Aeza Group is a bulletproof hosting (BPH) services provider, the department said, that allows cybercriminals to avoid law enforcement while renting IP addresses, servers and domains used for disseminating malware, supporting darknet markets and ...
4 months ago Therecord.media LockBit
Linux version of Qilin ransomware focuses on VMware ESXi - A sample of the Qilin ransomware gang's VMware ESXi encryptor has been found and it could be one of the most advanced and customizable Linux encryptors seen to date. Due to this adoption, almost all ransomware gangs have created dedicated VMware ESXi ...
1 year ago Bleepingcomputer.com Qilin
Meet Ika & Sal: The Bulletproof Hosting Duo from Hell - In 2020, the United States brought charges against four men accused of building a bulletproof hosting empire that once dominated the Russian cybercrime industry and supported multiple organized cybercrime groups. The Spamdot admins went by the ...
1 year ago Krebsonsecurity.com
Latest Information Security and Hacking Incidents - The ransomware strain Qilin has surfaced as a new danger to computers using VMware ESXi, which is a recent development in the cryptocurrency space. Concerned observers have expressed concern over the fact that this Qilin Linux version exhibits a ...
1 year ago Cysecurity.news Qilin
Qilin ransomware claims attack on automotive giant Yanfeng - The Qilin ransomware group has claimed responsibility for a cyber attack on Yanfeng Automotive Interiors, one of the world's largest automotive parts suppliers. Yanfeng is a Chinese automotive parts developer and manufacturer focused on interior ...
1 year ago Bleepingcomputer.com Qilin Black Basta
BulletProof Hosting Provider Qwins Ltd Fueling Global Malware Campaigns - This systematic approach to network utilization demonstrates the sophisticated nature of modern bulletproof hosting operations and their critical role in enabling large-scale cybercriminal campaigns across multiple malware families and attack ...
3 months ago Cybersecuritynews.com
Qilin Has Emerged as The Top Ransomware Group in April with 74 Cyber Attacks - In a significant shift within the cybercriminal ecosystem, Qilin ransomware group has surged to prominence in April 2025, orchestrating 74 cyber attacks globally according to the latest threat intelligence report. This dramatic rise follows the ...
6 months ago Cybersecuritynews.com Ransomhub Qilin
Ghost Ransomware Breaching Organizations in Over 70+ Countries - The ransom note demands payment for both decryption keys and to prevent the public release of stolen information, with attackers maintaining communication through anonymous email channels to apply psychological pressure for payment. Cyber Security ...
6 months ago Cybersecuritynews.com LockBit
Hive Ransomware: A Detailed Analysis - This past week, on January 26th, to be exact, the FBI successfully shut down the Hive ransomware group and saved victims over a hundred million dollars in ransom payments and remediation costs. As ransomware continues to be a national security threat ...
2 years ago Heimdalsecurity.com LockBit
Qilin Emerged as The Most Active Group, Exploiting Unpatched Fortinet Vulnerabilities - Cyber Security News - The group’s recent campaign has primarily leveraged critical vulnerabilities in Fortinet’s enterprise security appliances, specifically targeting CVE-2024-21762 and CVE-2024-55591 in unpatched FortiGate and FortiProxy devices. The ...
4 months ago Cybersecuritynews.com CVE-2024-21762 LockBit Qilin
The Week in Ransomware - Today's column brings you two weeks of information on the latest ransomware attacks and research after we skipped last week's article. BleepingComputer has learned that some of the BlackCat/ALPHV affiliates are not buying the explanation and have ...
1 year ago Bleepingcomputer.com LockBit Qilin Noescape
The Top 10 Ransomware Groups of 2023 - This article takes an in-depth look at the rise in ransomware attacks over the past year and the criminal groups driving the surge in cyber extortion. LockBit has established itself as one of the most notorious ransomware operations since emerging on ...
1 year ago Securityboulevard.com TA505 8base LockBit BianLian Medusa Noescape Black Basta
Qilin ransomware gang alleged to be Asahi hackers - The Qilin ransomware gang has been identified as the group behind the Asahi cyberattacks, marking a significant development in the cybersecurity landscape. This revelation links the notorious Qilin ransomware operators to the sophisticated Asahi ...
1 month ago Therecord.media Qilin ransomware gang Asahi hackers
Qilin Ransomware Gain Traction Following Legal Assistance Option for Ransomware Affiliates - Qilin’s legal department offers what the gang describes as comprehensive support services, including legal evaluations of potential damages, assessments of stolen data, and direct negotiation capabilities with victim organizations. The ...
3 months ago Cybersecuritynews.com Qilin
Aeza Group sanctioned for hosting ransomware, infostealer servers - The U.S. Department of the Treasury has sanctioned Russian hosting company Aeza Group and four operators for allegedly acting as a bulletproof hosting company for ransomware gangs, infostealer operations, darknet drug markets, and Russian ...
4 months ago Bleepingcomputer.com LockBit BianLian
CISA and FBI: Ghost ransomware breached orgs in 70 countries - Right after Amigo_A and Swisscom's CSIRT team first spotted Ghost ransomware in early 2021, their operators were dropping custom Mimikatz samples, followed by CobaltStrike beacons, and deploying ransomware payloads using the legitimate Windows ...
8 months ago Bleepingcomputer.com CVE-2018-13379
Russian Hackers Using Russia-Based Bulletproof Network to Switch Network Infrastructure - Russian-aligned hacking groups UAC-0050 and UAC-0006 have been observed switching their network infrastructure through bulletproof hosting providers, enabling persistent campaigns against Ukrainian entities and their international allies. The complex ...
7 months ago Cybersecuritynews.com
The Week in Ransomware - Earlier this month, the BlackCat/ALPHV ransomware operation suffered a five-day disruption to their Tor data leak and negotiation sites, rumored to be caused by a law enforcement action. The FBI revealed this week that they hacked the BlackCat/ALPHV ...
1 year ago Bleepingcomputer.com LockBit Akira Noescape
The Week in Ransomware - An international law enforcement operation claims to have dismantled a ransomware affiliate operation in Ukraine, which was responsible for attacks on organizations in 71 countries. The threat actors are said to be affiliates of numerous ransomware ...
1 year ago Bleepingcomputer.com Qilin Cactus Black Basta
Bulletproof Hosting Provider Aeza Group Shifting Their Infrastructure to New Autonomous System - Following U.S. Treasury sanctions imposed on July 1, 2025, the notorious bulletproof hosting provider Aeza Group has rapidly migrated its infrastructure to a new autonomous system in an apparent attempt to evade enforcement measures. The U.S. ...
3 months ago Cybersecuritynews.com
Feds Sanction Russian Hosting Provider Over LockBit Attacks - "It is important to acknowledge that although sanctions might impede ransomware operations by targeting their infrastructure, ransomware groups such as LockBit are highly adaptive and well-connected, and will likely have other providers ...
9 months ago Darkreading.com LockBit
