QILIN Group: One of the Most Dangerous Ransomware Suppliers

Affiliates of the QILIN group, which provides ransomware as a service (RaaS), are earning large sums of money through their cyber attacks, causing concern for other internet users. According to a report published this week by cybersecurity specialists from Group-IB, QILIN affiliates who use the group's ransomware in their own attacks can earn up to 80% of the ransom amount if it does not exceed $3 million. For ransoms exceeding $3 million, an affiliate's share can increase to 85%. This means that attackers are making significant profits without needing to develop their own ransomware, and can instead focus on finding victims.

According to the Group-IB report, the QILIN group has been operating since at least August 2022. Initially, the group wrote its ransomware in Go, but later switched to the Rust programming language because Rust binaries are harder to analyze and detect and are easy to tailor to specific operating systems. QILIN uses double extortion: it steals the victim's data and encrypts it, then demands payment both to restore the files and to prevent the disclosure of sensitive information. Phishing is a common entry point, after which QILIN members search the compromised networks for data.

QILIN advertises its malicious software on the darknet and even has its own data leak site, where it lists identifiers of the targeted companies and publishes stolen data. QILIN affiliates have access to an administrative panel for managing attacks, which includes a dashboard for all actions, from setting targets to making payments and changing passwords. RaaS affiliates are often large groups with 100 members or more, including developers, managers, negotiators, and other specialists. Some of the affiliates in RaaS models are members of well-known hacker groups such as LockBit, BlackCat, Hive, and Black Basta.

According to Group-IB researchers, ransomware attacks will persist, and the RaaS market, the increasing number of affiliate programs, and the publication of stolen data on leak sites will all be key factors in this process. While QILIN's operations continue to affect internet users, it is essential to prioritize protecting online information and switching to more secure communication channels.
