Qilin ransomware-as-a-service affiliate campaign targeting five countries
Campaign
Summary
Qilin ransomware-as-a-service affiliates sustained a multi-country campaign through 2H 2025, keeping leak-site pressure high and showing repeatable extortion activity. The operation used double extortion against organizations in the United States, Canada, the United Kingdom, France and Germany. The scale and continuity make this an active, high-volume ransomware operation rather than isolated intrusions.
Related Happenings
Charter Communications hit by network compromise linked to ShinyHunters
Incident
First: 26.05.2026 22:46
Last: 26.05.2026 22:46
Sources 1
About this happening:
**Charter Communications** confirmed a **data breach** tied to **ShinyHunters** extortion, raising the risk of customer-data exposure and active follow-on pressure. The company sa...
Gentlemen ransomware affiliate campaign expanding toolkit and infrastructure
Campaign
First: 20.04.2026 23:02
Last: 20.04.2026 23:02
Sources 1
About this happening:
The **Gentlemen ransomware** campaign has now been tied to a **ransomware attack on Oltenia Energy Complex** on the **second day of Christmas**, disrupting **ERP systems**, **docu...
Akira group rapid double-extortion ransomware activity
Malware Activity
First: 02.04.2026 16:00
Last: 02.04.2026 16:00
Sources 1
About this happening:
**Akira** ransomware activity now includes **AdaptixC2** abuse in active intrusions, alongside the group’s **under-one-hour** to **under-four-hours** attack cadence. A **Silent Pu...
DeadLock ransomware uses Polygon smart contracts for proxy rotation
Malware Activity
First: 14.01.2026 16:20
Last: 14.01.2026 16:20
Sources 1
About this happening:
**DeadLock ransomware** is now using **Polygon smart contracts** to rotate **proxy server addresses**, making its **C2** infrastructure harder to block. The activity has been seen...
2025 Ransomware victim growth and sector concentration
Target Trend
First: 23.12.2025 15:00
Last: 23.12.2025 15:00
Sources 1
About this happening:
Ransomware activity stayed elevated in **2025**, with **7,902 victims** listed across **306 active groups**, signaling sustained pressure on enterprise targets. The largest concen...
Timeline
27.10.2025 18:45 · 1 article
Qilin ransomware-as-a-service affiliate campaign targeting five countries
Initial Disclosure: Qilin emerged in **mid-2022** and expanded into a **ransomware-as-a-service** ecosystem with affiliates. By **late 2025**, that ecosystem was sustaining regular leak-site publishing across multiple countries.
Sources
- Qilin Ransomware Group Publishes Over 40 Cases Monthly — www.infosecurity-magazine.com — 27.10.2025 18:45