qilin

🟢 Active✓ Parser

Status

Active

Total Victims

1,407

Active Sites

5 / 9

Has Parser

Yes

Top Target Countries

🇺🇸 US🇨🇦 CA🇫🇷 FR🇬🇧 GB🌍 Unknown

Top Target Industries

ManufacturingBusiness ServicesHealthcareTechnologyConstruction

Country Distribution

🇺🇸 US645

🇨🇦 CA75

🇫🇷 FR72

🇬🇧 GB51

🌍 Unknown47

🇪🇸 ES43

🇩🇪 DE41

🇮🇹 IT37

Site Locations (9)

Description

Qilin ransomware was first observed in July of 2022. Qilin Ransomware is written in Golang and supports multiple encryption modes; all of which are controlled by the operator. Qilin actors practice double extortion – demanding payment for a decryptor, as well as for the non-release of stolen data.

Ransom Notes (4)

README-RECOVER.txt.qilin.agendaQilin Ransomware Note

Recent Victims (1,407 total)

View All

Victim	Country	Industry	Date
Pleiad Investment Advisors (Singapore brach) www.pleiadadvisors.com	Unknown	N/A	Mar 9, 2026
Geotec Surveys www.geotecsurveys.com	Unknown	N/A	Mar 7, 2026
Artemedica www.artemedica.com	Unknown	N/A	Mar 7, 2026
Kuzco Lighting www.kuzcolighting.com	Unknown	N/A	Mar 7, 2026
Brothers Produce www.brothersproduce.com

-- Qilin We have 3.4TB of your data stored on our servers. Contact us or we will publish this data on our blog, in the media and pass it on to the relevant authorities. We are ready to offer you a discount in case of payment within a week. Your network/system was encrypted. Encrypted files have new extension. -- Compromising and sensitive data We have downloaded compromising and sensitive data from your system/network. Our group cooperates with the mass media. If you refuse to communicate with us and we do not come to an agreement, your data will be reviewed and published on our blog and on the media page (https://wikileaks2.site/) Blog links: http://kbsqoivihgdmwczmxkbovk7ss2dcynitwhhfu5yw725dboqo5kthfaad.onion http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion Data includes: - Employees personal data, CVs, DL , SSN. - Complete network map including credentials for local and remote services. - Financial information including clients data, bills, budgets, annual reports, bank statements. - Complete datagrams/schemas/drawings for manufacturing in solidworks format - And more... -- Warning 1) If you modify files - our decrypt software won't able to recover data 2) If you use third party software - you can damage/modify files (see item 1) 3) You need cipher key / our decrypt software to restore you files. 4) The police or authorities will not be able to help you get the cipher key. We encourage you to consider your decisions. -- Recovery 1) Download tor browser: https://www.torproject.org/download/ 2) Go to domain 3) Enter credentials Please note that communication with us is only possible via the website in the Tor browser, which is specified in this note. All other means of communication are not real and may be created by third parties, if such were not provided in this note or on the website specified in this note. -- Credentials Extension: 2ir53sQQAU Domain: [snip] login: [snip] password:[snip]