Qilin Ransomware Group’s Latest Victims: From Schools to Municipalities
Recently, the nonprofit organization Promises2Kids, dedicated to supporting children in San Diego, California, USA, fell victim to an attack by the Qilin hacker group, notorious for spreading ransomware. The hackers claimed to have gained access to the organization’s confidential information, threatening to publicly disclose it unless a ransom is paid.
The Qilin group is infamous for its assaults on various entities, including healthcare institutions and large corporations. In this instance, they employed a double extortion tactic: in addition to encrypting data, the hackers threaten to publish the stolen information, significantly increasing the pressure on the victim.
Qilin operates under a “ransomware-as-a-service” (RaaS) model, recruiting third-party affiliates to distribute the malicious software and sharing the ransom with them. The perpetrators likely used phishing techniques for the initial breach of the system, followed by the deployment of spyware to monitor and control the compromised devices.
The attack on Promises2Kids is particularly heinous, given that the organization aids children who have experienced abuse and neglect. This has sparked public outrage and underscores the depravity of cybercriminals who target such vulnerable entities.
The leadership of Promises2Kids has already sought assistance from cybersecurity experts and is collaborating with law enforcement to investigate the incident. The organization has made efforts to mitigate the consequences of the attack, but it remains unclear whether they have succeeded in preventing the data from being leaked.
In addition to the attack on Promises2Kids, Qilin representatives claimed to have simultaneously breached four other organizations:
- Hiesmayr Haustechnik — an Austrian company specializing in engineering systems and plumbing, offering comprehensive solutions for building construction and modernization.
- Central College Jounieh — an educational institution in Lebanon providing a broad range of academic programs for students of various ages.
- ON365 Ltd — a UK-based company specializing in IT services, including the management and support of data center infrastructure.
- Municipality of Jaboatao dos Guararapes — a Brazilian municipality responsible for managing local administrative and public services for the region’s residents.
These attacks reflect Qilin’s deliberate targeting of organizations across diverse sectors globally, confirming their far-reaching ambitions and indiscriminate choice of victims.
Such incidents underscore the pressing need for enhanced data protection and staff training to prevent phishing attacks and other forms of cyber threats.