Find notable cyber news and cases, enriched with sources, timelines, and signals.

Qilin consolidates into dominant RaaS position as ransomware market reconcentrates

Threat Actor Meta
First reported
Last updated
Happening score
H score 39
1 unique sources, 1 articles

Summary

Hide ▲

Qilin is consolidating into a dominant RaaS position as the ransomware ecosystem shifts back from fragmentation to concentration, increasing affiliate scale and victim volume across the market. Research cited in the piece puts Qilin near 16% market share, with affiliates drawn by high payouts, mature infrastructure, and expanded extortion services. The consolidation strengthens one of the largest ransomware platforms even as smaller groups continue to emerge.

Related Happenings

The Gentlemen ransomware group’s 90/10 RaaS model and rapid victim growth

Threat Actor Meta
H score26 First: 10.06.2026 17:03 Last: 10.06.2026 17:03 Sources 1

About this happening: **The Gentlemen** ransomware group has become a high-volume **RaaS** operation, using a **90/10 affiliate split** to attract operators and expand its reach. The group now ranks as...

TeamPCP and Vect partner to turn supply-chain compromises into ransomware follow-on campaigns

Threat Actor Meta
H score11 First: 31.03.2026 15:15 Last: 31.03.2026 15:15 Sources 1

About this happening: TeamPCP and **Vect ransomware group** are linking **supply-chain compromises** to **follow-on ransomware campaigns**, broadening extortion risk for affected organizations. The shi...

The Gentlemen RaaS split exposed by hastalamuerte

Threat Actor Meta
H score25 First: 19.03.2026 18:00 Last: 19.03.2026 18:00 Sources 1

About this happening: **hastalamuerte** exposed the internal workings of **The Gentlemen** ransomware group, revealing a **Qilin-related RaaS split** that shows how affiliate-driven ecosystems can rapi...

DragonForce shifts ransomware-as-a-service into a cartel-style affiliate umbrella

Threat Actor Meta
H score38 First: 05.02.2026 00:14 Last: 05.02.2026 00:14 Sources 1

About this happening: **DragonForce** has shifted into a **cartel-style ransomware-as-a-service model**, letting affiliates launch their own brands while sharing a common umbrella. That change expands...

Qilin, Akira and Sinobi late-2025 ransomware wave

Campaign
H score39 First: 29.01.2026 15:01 Last: 29.01.2026 15:01 Sources 1

About this happening: A **late-2025 ransomware wave** led by **Qilin**, **Akira** and **Sinobi** increased pressure on **organizations** as operators prioritized **fast access and execution** to evade...

Timeline

  1. 03.07.2026 16:00 1 articles · 6d ago

    Qilin targets Check Point Remote Access VPN and Mobile Access vulnerability

    Exploitation Observed

    Check Point disclosed that Qilin targeted a vulnerability in its own Remote Access VPN and Mobile Access solution, and the company said the issue affected one customer.

    Show sources
  2. 03.07.2026 16:00 2 articles · 6d ago

    Qilin consolidates dominance in the ransomware-as-a-service market

    Initial Disclosure

    Ransomware market consolidation is shifting power back to Qilin after the disruption of major groups including LockBit and RansomHub. Check Point research puts Qilin near 16% market share, and Sophos X-Ops CTU data shows 1,496 victims listed on Qilin's data leak site over the last 12 months. The same reporting says The Gentlemen is gaining traction among affiliates, targeting enterprise environments with modular tooling and cross-platform payloads, and briefly overtook Qilin in June 2026 with 115 victims versus Qilin's 78.

    Show sources