"Given the scale and disruption of 2025, this pattern could be an early signal that 2026 may follow a similar path. Organisations should not mistake the month-on-month drop for a decline in risk. As for Qilin, its attacks show no signs of stopping - within the past few days it has claimed a breach of the Local 100 Chapter of the Transport Workers Union of America, affecting 41,000 current and 26,000 former employees."
"Qilin - which went by the name Agenda for a time - operates a standard ransomware-as-a-service (RaaS) model, distributing its tools to a network of trusted affiliates who do its dirty work for it. By some margin, its greatest number of recorded victims is in the US, with 333 known victims, followed by Canada, the UK, France and Germany."
"NCC said the gang was consistently targeting organisations in critical and industrial sectors where operational disruption and sensitive data exposure can increase the pressure to give in to its extortion demands. Active for about three and a half years, Qilin operates a standard ransomware-as-a-service model, distributing its tools to a network of trusted affiliates."
Qilin ransomware gang maintained its dominance in the cyber threat landscape during January 2026, accounting for 108 attacks representing 17% of total observed incidents. While this marked a slight decrease from December's 170 attacks, overall ransomware activity declined 17% to 651 reported incidents in January, following typical seasonal patterns. NCC Group's cyber intelligence team warns that this monthly fluctuation should not be mistaken for reduced risk, as 2026 may mirror 2025's significant disruption levels. Qilin continues targeting critical and industrial sectors where operational disruption maximizes extortion pressure. Operating as a ransomware-as-a-service model for three and a half years, Qilin distributes tools to affiliated attackers, with the United States accounting for the majority of its 333 known victims, followed by Canada, UK, France, and Germany.
#qilin-ransomware #ransomware-as-a-service #critical-infrastructure-attacks #cyber-threat-intelligence #extortion-tactics
Read at ComputerWeekly.com
Unable to calculate read time
Collection
[
|
...
]