October was a record month for ransomware group Qilin – 200 attacks recorded
According to Ransomlooker, a tool developed by Cybernews that tracks ransomware attacks, October was a record month for notorious ransomware gang Qilin – 200 attacks were recorded during the month. Attacks by Qilin have been steadily growing throughout all of 2025, but October’s spike is unprecedented.
Key insights:
Qilin claimed 200 ransomware attacks in October, 2025, by far the most ever carried out by the group in one month.
Attacks more than doubled compared to September, when 84 attacks were recorded.
Qilin is already responsible for 723 attacks in 2025 (as of November 3rd, 2025).
Qilin’s October victims include Israel’s 4th largest hospital, Shamir Medical Center, a large pharmacy benefit manager MedImpact, and Texas electric cooperatives.
In 2024, Qilin claimed 181 attacks. In 2023, there were 45, and in 2022, the gang claimed just 5 attacks.
Notorious for targeting hospitals and the manufacturing sector, the Qilin gang – once known as Agenda – first appeared on the ransomware circuit in 2022. However, its dark leak site claims it began operating in 2021.
Qilin has moved into the number one position as the most active ransomware gang in the past 12 months, aggressively outperforming ransomware rivals Cl0p Play, INC Ransom, and Akira.
Known for using a ransomware-as-a-service (RaaS) business model, the cybercriminal outfit often uses double extortion tactics on its victims, demanding a ransom for decryption and then a second payout to guarantee it will not leak the stolen files on the dark web after the fact.
Here’s a screenshot from the Ransomlooker tool, showing just how active Qilin has become in October compared to previous months:
This entry was posted on November 3, 2025 at 12:02 pm and is filed under Commentary with tags Cybernews. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
October was a record month for ransomware group Qilin – 200 attacks recorded
According to Ransomlooker, a tool developed by Cybernews that tracks ransomware attacks, October was a record month for notorious ransomware gang Qilin – 200 attacks were recorded during the month. Attacks by Qilin have been steadily growing throughout all of 2025, but October’s spike is unprecedented.
Key insights:
Notorious for targeting hospitals and the manufacturing sector, the Qilin gang – once known as Agenda – first appeared on the ransomware circuit in 2022. However, its dark leak site claims it began operating in 2021.
Qilin has moved into the number one position as the most active ransomware gang in the past 12 months, aggressively outperforming ransomware rivals Cl0p Play, INC Ransom, and Akira.
Known for using a ransomware-as-a-service (RaaS) business model, the cybercriminal outfit often uses double extortion tactics on its victims, demanding a ransom for decryption and then a second payout to guarantee it will not leak the stolen files on the dark web after the fact.
Here’s a screenshot from the Ransomlooker tool, showing just how active Qilin has become in October compared to previous months:
Share this:
Like this:
Related
This entry was posted on November 3, 2025 at 12:02 pm and is filed under Commentary with tags Cybernews. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.