Dragons EyeRansomware Tracker

Dragons Community

Information & Disclaimer

← Back to Groups

qilin

🟢 Active

Status

Active

Total Victims

1,350

Active Sites

5 / 9

Has Parser

No

Top Target Countries

🇺🇸 US🇨🇦 CA🇫🇷 FR🇬🇧 GB🇪🇸 ES

Top Target Industries

ManufacturingBusiness ServicesHealthcareTechnologyConstruction

Country Distribution

🇺🇸 US628

🇨🇦 CA74

🇫🇷 FR68

🇬🇧 GB50

🇪🇸 ES43

🇩🇪 DE40

🇮🇹 IT37

🇯🇵 JP31

Site Locations (9)

Description

Qilin ransomware was first observed in July of 2022. Qilin Ransomware is written in Golang and supports multiple encryption modes; all of which are controlled by the operator. Qilin actors practice double extortion – demanding payment for a decryptor, as well as for the non-release of stolen data.

Ransom Notes (4)

README-RECOVER.txt.qilin.agendaQilin Ransomware Note

Recent Victims (1,350 total)

Victim	Country	Industry	Date
University of Applied Sciences,Worms www.hs-worms.de	Unknown	N/A	Feb 6, 2026
Conpet S.A. (COTE.RO) www.conpet.ro	Unknown	N/A	Feb 6, 2026
La Fabrica www.lafabrica.com.ar	Unknown	N/A	Feb 6, 2026
INGUS www.ingus-net.de	Unknown	N/A	Feb 5, 2026
Sprokkit www.sprokkit.com

ozsxj4hwxub7gio347ac7tyqqozvfioty37skqilzo2oqfs4cw2mgtyd.onion

>>> Qilin <<<
Your network has been breached.
All data has been encrypted and exfiltrated.
If you want to restore access - contact us.
Time is limited.

Do not attempt to recover files using third-party software.

Qilin

README-RECOVER-[rand]_2.txtQilin - README RECOVER [rand] 2

-- Qilin

We have 3.4TB of your data stored on our servers. Contact us or we will publish this data on our blog, in the media and pass it on to the relevant authorities. We are ready to offer you a discount in case of payment within a week.

Your network/system was encrypted.

Encrypted files have new extension.

-- Compromising and sensitive data

We have downloaded compromising and sensitive data from your system/network.

Our group cooperates with the mass media.

If you refuse to communicate with us and we do not come to an agreement, your data will be reviewed and published on our blog and on the media page (https://wikileaks2.site/)

Blog links:

http://kbsqoivihgdmwczmxkbovk7ss2dcynitwhhfu5yw725dboqo5kthfaad.onion

http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion

Data includes:

- Employees personal data, CVs, DL , SSN.

- Complete network map including credentials for local and remote services.

- Financial information including clients data, bills, budgets, annual reports, bank statements.

- Complete datagrams/schemas/drawings for manufacturing in solidworks format

- And more...

-- Warning

1) If you modify files - our decrypt software won't able to recover data

2) If you use third party software - you can damage/modify files (see item 1)

3) You need cipher key / our decrypt software to restore you files.

4) The police or authorities will not be able to help you get the cipher key. We encourage you to consider your decisions.

-- Recovery

1) Download tor browser: https://www.torproject.org/download/

2) Go to domain

3) Enter credentials

Please note that communication with us is only possible via the website in the Tor browser, which is specified in this note.

All other means of communication are not real and may be created by third parties, if such were not provided in this note or on the website specified in this note.

-- Credentials

Extension: 2ir53sQQAU
Domain: [snip]
login: [snip]
password:[snip]