Qilin Ransomware Leveraging MSPaint and Notepad to Evade Detection

The Qilin ransomware group has been observed using unconventional methods to evade detection and improve the effectiveness of its attacks. Notably, it leverages common Windows tools such as MSPaint and Notepad during its ransomware campaigns. Because these are trusted, everyday applications, their activity blends in with normal system operations, making the malicious use harder for security solutions to identify. Qilin operators use these trusted applications to execute parts of their payload, complicating detection and response for security teams.

This approach reflects a growing trend among ransomware groups of using legitimate software for malicious purposes, thereby bypassing traditional security controls that focus on suspicious executables. The use of MSPaint and Notepad as part of the attack chain shows the attackers' creativity and adaptability in turning everyday tools into components of sophisticated intrusions.

Organizations are advised to strengthen their monitoring of system processes and user activity, especially activity involving common applications like MSPaint and Notepad. Behavioral analytics and endpoint detection and response (EDR) solutions can help identify anomalies indicative of ransomware activity. Additionally, maintaining up-to-date backups and educating employees about ransomware tactics remain critical components of a robust security posture.

The Qilin case underscores the importance of continuous threat intelligence and adaptive defense strategies to counter evolving ransomware techniques. Security professionals must stay vigilant and update their detection capabilities to recognize and mitigate threats that abuse legitimate software in novel ways.

This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 27 Oct 2025 13:50:12 +0000


Cyber News related to Qilin Ransomware Leveraging MSPaint and Notepad to Evade Detection

10 Best Ransomware Protection Tools - 2025 - It protects devices from ransomware and other cyber threats using advanced threat intelligence, behavioral analysis, and cloud-based technology. It monitors and prevents ransomware assaults on personal files and automatically restores encrypted ...
10 months ago Cybersecuritynews.com
10 Best Ransomware File Decryptor Tools in 2025 - Kaspersky Rakhni Decryptor contains different decryption tools based on various versions of Rakhni ransomware and helps you decrypt encrypted files on your system. PyLocky Ransomware Decryption Tool is a free and open source developed and released by ...
8 months ago Cybersecuritynews.com
25 Best Managed Security Service Providers (MSSP) - 2025 - Pros: strong threat intelligence and expert SOCs; 24/7 monitoring and rapid incident response; flexible, scalable, hybrid deployments. Cons: high pricing for SMBs; complex UI and steep learning curve; limited visibility into endpoint ...
5 months ago Cybersecuritynews.com
Linux version of Qilin ransomware focuses on VMware ESXi - A sample of the Qilin ransomware gang's VMware ESXi encryptor has been found and it could be one of the most advanced and customizable Linux encryptors seen to date. Due to this adoption, almost all ransomware gangs have created dedicated VMware ESXi ...
2 years ago Bleepingcomputer.com Qilin
Latest Information Security and Hacking Incidents - The ransomware strain Qilin has surfaced as a new danger to computers using VMware ESXi, which is a recent development in the cryptocurrency space. Concerned observers have expressed concern over the fact that this Qilin Linux version exhibits a ...
2 years ago Cysecurity.news Qilin
Qilin Emerged as The Most Active Group, Exploiting Unpatched Fortinet Vulnerabilities - The group's recent campaign has primarily leveraged critical vulnerabilities in Fortinet's enterprise security appliances, specifically targeting CVE-2024-21762 and CVE-2024-55591 in unpatched FortiGate and FortiProxy devices. The ...
5 months ago Cybersecuritynews.com CVE-2024-21762 LockBit Qilin
Hands on with Windows 11 Notepad's new markdown support - While it's lightweight, and I can confirm Notepad doesn't use excessive CPU or memory at any point when formatting, you can always clear all formatting or turn off the feature from Settings. Notepad now lets you use markdown text formatting on ...
5 months ago Bleepingcomputer.com
Qilin ransomware claims attack on automotive giant Yanfeng - The Qilin ransomware group has claimed responsibility for a cyber attack on Yanfeng Automotive Interiors, one of the world's largest automotive parts suppliers. Yanfeng is a Chinese automotive parts developer and manufacturer focused on interior ...
2 years ago Bleepingcomputer.com Qilin Black Basta
Qilin Has Emerged as The Top Ransomware Group in April with 74 Cyber Attacks - In a significant shift within the cybercriminal ecosystem, Qilin ransomware group has surged to prominence in April 2025, orchestrating 74 cyber attacks globally according to the latest threat intelligence report. This dramatic rise follows the ...
7 months ago Cybersecuritynews.com Ransomhub Qilin
The Top 10 Ransomware Groups of 2023 - This article takes an in-depth look at the rise in ransomware attacks over the past year and the criminal groups driving the surge in cyber extortion. LockBit has established itself as one of the most notorious ransomware operations since emerging on ...
1 year ago Securityboulevard.com TA505 8base LockBit BianLian Medusa Noescape Black Basta
Hive Ransomware: A Detailed Analysis - This past week, on January 26th, to be exact, the FBI successfully shut down the Hive ransomware group and saved victims over a hundred million dollars in ransom payments and remediation costs. As ransomware continues to be a national security threat ...
2 years ago Heimdalsecurity.com LockBit
Notepad++ Input Validation Flaw Leads Search Path Vulnerability - Notepad++ has been discovered with an uncontrolled search path vulnerability, which could allow threat actors to search an untrusted search path. This vulnerability has been disclosed to Notepad++, and a patch has yet to be provided. Notepad++ is a ...
2 years ago Cybersecuritynews.com
The Week in Ransomware - An international law enforcement operation claims to have dismantled a ransomware affiliate operation in Ukraine, which was responsible for attacks on organizations in 71 countries. The threat actors are said to be affiliates of numerous ransomware ...
2 years ago Bleepingcomputer.com Qilin Cactus Black Basta
Medusa Ransomware Turning Your Files into Stone - Unit 42 Threat Intelligence analysts have noticed an escalation in Medusa ransomware activities and a shift in tactics toward extortion, characterized by the introduction in early 2023 of their dedicated leak site called the Medusa Blog. The Unit 42 ...
1 year ago Unit42.paloaltonetworks.com Medusa
Qilin Ransomware Leverages TPwSav.sys Driver to Disable EDR Security Measures - The Qilin ransomware operation, active since July 2022, has incorporated a previously unknown vulnerable driver called TPwSav.sys into their attack arsenal, enabling them to stealthily disable EDR protections through a technique known as ...
4 months ago Cybersecuritynews.com Qilin
The Week in Ransomware - Today's column brings you two weeks of information on the latest ransomware attacks and research after we skipped last week's article. BleepingComputer has learned that some of the BlackCat/ALPHV affiliates are not buying the explanation and have ...
2 years ago Bleepingcomputer.com LockBit Qilin Noescape
Ransomware Roundup - The Ransomware Roundup report aims to provide readers with brief insights into the evolving ransomware landscape and the Fortinet solutions that protect against those variants. This edition of the Ransomware Roundup covers the 8base ransomware. 8base ...
1 year ago Feeds.fortinet.com 8base
LockBit, Qilin, and DragonForce Join Forces in a New Ransomware Alliance - In a significant development in the cyber threat landscape, three notorious ransomware groups—LockBit, Qilin, and DragonForce—have reportedly joined forces to enhance their ransomware operations. This alliance marks a new era of collaboration ...
2 months ago Thehackernews.com LockBit Qilin DragonForce
Ransomware Operations Surge Following Qilin's New Pattern of Attacks - The cybersecurity landscape witnessed a dramatic shift in June 2025 as the Qilin ransomware group emerged as the dominant threat actor, orchestrating an unprecedented surge in high-value targeted attacks across multiple sectors and geographical ...
5 months ago Cybersecuritynews.com Qilin Ransomhub
Qilin ransomware gang alleged to be Asahi hackers - The Qilin ransomware gang has been identified as the group behind the Asahi cyberattacks, marking a significant development in the cybersecurity landscape. This revelation links the notorious Qilin ransomware operators to the sophisticated Asahi ...
2 months ago Therecord.media Qilin ransomware gang Asahi hackers
Qilin Ransomware Gain Traction Following Legal Assistance Option for Ransomware Affiliates - Qilin’s legal department offers what the gang describes as comprehensive support services, including legal evaluations of potential damages, assessments of stolen data, and direct negotiation capabilities with victim organizations. The ...
4 months ago Cybersecuritynews.com Qilin
Windows 11 Notepad gets a built-in character counter, finally - Microsoft keeps improving and adding more features to the Windows 11 Notepad application, the latest being a built-in character counter. Until now, users who needed a quick way to count characters in a text file have been forced to use third-party ...
2 years ago Bleepingcomputer.com