The Qilin ransomware group has ramped up attacks on small and medium businesses, particularly in construction, healthcare, and finance sectors. Security firm S-RM reports that 88% of 2025 cases involved both data theft and file encryption, with stolen information posted on dark web sites when ransoms aren't paid.
Qilin exploits basic vulnerabilities like unpatched VPNs, missing multi-factor authentication, and exposed management interfaces. The group operates like a tech business, renting tools to affiliates including members of Scattered Spider.
While major attacks like the 2024 UK healthcare breach grab headlines, most victims are smaller organizations. S-RM urges companies to patch VPNs regularly, enable multi-factor authentication, and monitor networks for intrusion signs.
Source: Infosecurity Magazine