Qilin's 2025 dominance as the most active ransomware group
Threat Actor Meta
Summary
In 2025, Qilin emerged as the most active ransomware group, signaling a high-throughput ransomware-as-a-service operation with broad pressure on enterprise targets. Its scale matters because repeated attack claims and confirmed intrusions can translate into persistent extortion risk, especially for manufacturing environments where downtime quickly becomes supply disruption.
Related Happenings
Beast ransomware group’s RaaS model and shared TTPs exposed through an open server
Threat Actor Meta
First: 20.03.2026 18:31
Last: 20.03.2026 18:31
Sources 1
About this happening:
An exposed **Beast ransomware group** server now shows its **RaaS operating model** and reusable toolset, complicating attribution across ransomware crews. The recovered materials...
The Gentlemen RaaS split exposed by hastalamuerte
Threat Actor Meta
First: 19.03.2026 18:00
Last: 19.03.2026 18:00
Sources 1
About this happening:
**hastalamuerte** exposed the internal workings of **The Gentlemen** ransomware group, revealing a **Qilin-related RaaS split** that shows how affiliate-driven ecosystems can rapi...
DragonForce shifts ransomware-as-a-service into a cartel-style affiliate umbrella
Threat Actor Meta
First: 05.02.2026 00:14
Last: 05.02.2026 00:14
Sources 1
About this happening:
**DragonForce** has shifted into a **cartel-style ransomware-as-a-service model**, letting affiliates launch their own brands while sharing a common umbrella. That change expands...
Qilin, Akira and Sinobi late-2025 ransomware wave
Campaign
First: 29.01.2026 15:01
Last: 29.01.2026 15:01
Sources 1
About this happening:
A **late-2025 ransomware wave** led by **Qilin**, **Akira** and **Sinobi** increased pressure on **organizations** as operators prioritized **fast access and execution** to evade...
Ransomware leak-site postings surged across victim organizations in Q4 2025
Target Trend
First: 29.01.2026 15:01
Last: 29.01.2026 15:01
Sources 1
About this happening:
In **Q4 2025**, ransomware leak-site postings for **victim organizations** rose sharply, signaling stronger extortion pressure across affected targets. Postings were **up 50% quar...
Timeline
- 15.12.2025 13:15 · 1 article · 5mo ago
Asahi Group Holdings plans cybersecurity overhaul after Qilin ransomware attack
Mitigation Patch Update
Asahi Group Holdings CEO Atsushi Katsuki said on December 15 that the company is elevating cybersecurity to a top management priority, considering a dedicated cybersecurity unit, scrapping VPNs, and adopting a stricter zero-trust model after the September 29 Qilin ransomware attack disrupted main systems, automated order and shipping processes, and exposed personal data.
Sources:
- Asahi to Launch Cybersecurity Overhaul After Crippling Cyber-Attack — www.infosecurity-magazine.com — 15.12.2025 13:15
- 08.10.2025 04:00 · 1 article · 7mo ago
Asahi Group Holdings discloses breach and shuts down operations
Initial Disclosure
Asahi Group Holdings disclosed a breach on Sept. 29 and immediately shut down operations while isolating affected systems, a move that contributed to shortages of the company's beers in Japan.
Sources:
- Cyberattack Leads to Beer Shortage as Asahi Recovers — www.darkreading.com — 08.10.2025 04:00
- 08.10.2025 04:00 · 1 article · 7mo ago
Qilin claims responsibility for the Asahi Group Holdings breach
Campaign Scope Update
Four days after the breach disclosure, the Qilin ransomware-as-a-service group took credit for the attack on Asahi Group Holdings and reportedly posted screenshots of alleged internal documents from Asahi systems; the gang also described Asahi as the fourth Japanese company it had claimed in 2025.
Sources:
- Cyberattack Leads to Beer Shortage as Asahi Recovers — www.darkreading.com — 08.10.2025 04:00
- 08.10.2025 04:00 · 2 articles · 7mo ago
Asahi Group Holdings restarts manufacturing after ransomware disruption
Victim Impact Update
Asahi Group Holdings restarted manufacturing operations this week after the ransomware attack that left shortages in Japan of the company's popular beers, while the company said it was continuing to investigate the nature and scope of any unauthorized data transfer and using alternative measures to keep product supply moving.
Sources:
- Cyberattack Leads to Beer Shortage as Asahi Recovers — www.darkreading.com — 08.10.2025 04:00
- Cyberattack Leads to Beer Shortage as Asahi Recovers — www.darkreading.com — 08.10.2025 04:00