Qilin Ransomware Claims 18 Victims in 24h
Statistical Overview
Victim Totals
- This month: 258
- This quarter: 1803
- Year to date: 4427
- Last 24h: 39
Quarterly Breakdown
Q1: 2631 | Q2: 1803 | Q3: 0 | Q4: 0
Ransomware activity remains significant this quarter, with 39 new victims reported in the last 24 hours. The volume for Q2 currently stands at 1803, indicating continued operations from groups like Qilin, The_Gentlemen, and DragonForce.
Introduction
In the last 24 hours, ransomware operators listed 39 new victims across various sectors. Qilin was the most active group, accounting for 18 victims, primarily affecting the Energy & Utilities and Manufacturing sectors. Other groups included The_Gentlemen with 6 victims and DragonForce with 4. Attacks covered various targets, including a significant number of law firms.
Ransomware Summary Table
| # | Group | Victims (24h) | Sample Victims | Geos | Sectors |
|---|---|---|---|---|---|
| 1 | Qilin | 18 | Altavista strategic partners, Bekman marder hopper malarkey & perlin, Bitek system (+15) | United States, South Korea | Energy & Utilities, Manufacturing |
| 2 | The Gentlemen | 6 | Allensbach volunteer, Highwoods, Scenic hudson (+3) | Japan, United States | Government / Public Sector, Financial Services |
| 3 | DragonForce | 4 | Astec valves & fittings pvt, Brian cox, Cekok (+1) | Hong Kong, United Kingdom | Manufacturing, Real Estate |
| 4 | Prinz Eugen | 3 | Spratley's of mortimer, Standard bank group, Transitions pro centre val de loire | South Africa, United Kingdom | Financial Services, Automotive |
| 5 | Krybit | 2 | Libertyinsurance.com.ph, Probe, s.a. de c.v | Philippines, El Salvador | Insurance, Professional Services |
| 6 | SLSH | 2 | Nexstar.tv, Ralph lauren corporation | United States | Retail & Ecommerce, Media & Entertainment |
| 7 | CMD | 1 | New FACOM Co., Ltd. | Japan | Technology / Software |
| 8 | INC Ransom | 1 | fineconsulting | United States | Professional Services |
| 9 | Lamashtu | 1 | Patayafood.com | Thailand | Agriculture & Food |
| 10 | World Leaks | 1 | Reliance group | India | Professional Services |
The summary table shows Qilin's significant activity, responsible for nearly half of all listed victims, with a focus on Energy & Utilities and Manufacturing. Groups like The_Gentlemen and DragonForce also operated consistently, attacking Government, Financial Services, and Real Estate. Prinz Eugen targeted a prominent Financial Services institution, Standard Bank Group, in South Africa. For more information on groups like Qilin and DragonForce, see our analysis on ransomware victims updates.
Victim Distribution
By Country
- United States: 22
- United Kingdom: 2
- Japan: 2
- India: 2
- Brazil: 1
- Turkey: 1
- Thailand: 1
- South Korea: 1
- South Africa: 1
- Philippines: 1
By Industry
- Law Firms & Legal Services: 6
- Construction: 2
- Real Estate: 2
- Machinery Manufacturing: 2
- Jewelry Manufacturing: 1
- Advertising, Marketing & PR: 1
- Apparel Manufacturing: 1
- Civil Engineering: 1
- Computer Networking: 1
- Energy Efficiency Services: 1
The data shows a strong concentration of ransomware attacks against organizations in the United States, accounting for over half of all new victims. Law Firms & Legal Services was a leading target industry, suggesting a broader trend: professional services are often impacted by groups like The_Gentlemen ransomware.
Ransomware News
Topline
Law enforcement efforts disrupted a major cryptocurrency laundering service, while various threat actors targeted education, financial services, and Oracle PeopleSoft deployments.
Campaigns & Operations
Europol-led authorities dismantled the "AudiA6" cryptocurrency laundering service, arresting two administrators and seizing assets tied to over 15 international ransomware investigations. At the same time, the education sector faced multiple incidents. Great Marlow School in the UK confirmed a cyberattack, and Onslow County Schools in North Carolina experienced a districtwide outage that impacted phones and internet. ASEC reports ongoing BlackX ransomware campaigns against Korean and U.S. organizations. CrowdStrike's 2026 Financial Services Threat Report describes continued data-leak-and-ransom operations by Chinese and North Korean threat groups against financial services in the Asia-Pacific region.
Vulnerabilities & TTPs
ShinyHunters is actively exploiting a gadget chain of old and zero-day vulnerabilities to breach Oracle PeopleSoft deployments, affecting both cloud and on-prem instances and dropping ransom notes. North Korean campaigns frequently combine sophisticated social engineering, such as recruiter impersonation, with money-laundering networks. The dismantled AudiA6 service demonstrated a key TTP: it facilitated industrial-scale crypto laundering through thousands of fraudulent exchange accounts.
Analyst Note
These developments show the persistent nature of ransomware and cybercrime. These range from opportunistic exploitation to sophisticated state-sponsored financial operations and crucial law enforcement countermeasures.
Technical Takeaways
- Qilin remains an active ransomware group, significantly affecting the Energy & Utilities and Manufacturing sectors.
- The United States is the most frequently targeted country, with other targets across Europe and Asia.
- Law Firms & Legal Services was a concentrated target industry this period. This indicates a specific focus on sensitive data.
- The ShinyHunters group is using unpatched and zero-day vulnerabilities in Oracle PeopleSoft environments to exfiltrate data and deploy ransom notes.
- International law enforcement successfully disrupted a major cryptocurrency laundering operation, AudiA6. This highlights ongoing efforts to disrupt the financial systems that support ransomware.
