
Qilin ransomware escalates rapidly in 2025, targeting critical sectors with 700 attacks amid RansomHub shutdown

As Qilin marked its 700th ransomware attack of 2025, the group further cemented its position as the most prolific ransomware operator in recent years. Comparitech notes that only ten months into the year, Qilin has already surpassed last year’s leading strain, RansomHub, which claimed 547 victims across 2024. The gang’s primary targets include manufacturers, financial firms, retailers, healthcare providers, and government agencies—critical sectors where system encryption or data theft can cause severe disruption and put data subjects at risk.

“Qilin is a Russia-based group that first appeared in 2022, but it only really started to gain traction in 2023 when it made 45 attack claims. In 2024, its victim count rose to 179 before quadrupling this year,” Rebecca Moody, Comparitech’s head of data research, wrote in a blog post last week. “Part of Qilin’s recent onslaught of attacks could be attributed to its ransomware-as-a-service business model. Under a RaaS scheme, third-party affiliates pay to use Qilin’s malware and infrastructure to carry out attacks and collect ransoms.”

She noted that after RansomHub went dark in April 2025, its affiliates are rumored to have flocked to Qilin. “This coincided with a 280 percent jump in attack claims, from 185 at the end of April 2025 to 701 now.”

She added that the attacks on manufacturers can also lead to data breaches. While not often as vast as breaches in other sectors, such as the healthcare sector, they can still have serious consequences. For example, Qilin recently claimed an attack on Nissan’s design agency, Nissan Creative Box. Qilin says it stole more than 4 TB of data, including design data that could lead to product information being leaked and Nissan’s business strategy being interrupted/impeded by competitors.

To read the complete article, see: Qilin ransomware escalates rapidly in 2025.

This post is licensed under CC BY 4.0 by the author.