In this episode, we take a deep dive into the Qilin ransomware group — now regarded as the world’s leading ransomware-as-a-service (RaaS) operation — and explore how it’s reshaping the cybercrime landscape in 2025.
Qilin, also known as Agenda, burst onto the scene in 2022 with a Go-based ransomware. It has since evolved into a highly evasive Rust-based malware platform targeting both Windows and Linux environments, including critical VMware ESXi servers. The group uses aggressive double extortion tactics — encrypting data while also threatening public exposure of stolen information — with ransom demands ranging from $50,000 to $800,000.
But what truly sets Qilin apart is its transformation into a full-service cybercrime platform, offering affiliates advanced tooling, data storage, spam and DDoS services, and — most controversially — a “Call Lawyer” feature designed to pressure victims with legal consultation during ransom negotiations. While some experts dismiss this legal counsel angle as a mere recruitment stunt, it has proven effective in unnerving corporate victims, especially in sectors like healthcare, manufacturing, and energy.
In 2024 alone, Qilin has amassed over $50 million in ransom payments from more than 60 attacks, shifting its targeting to critical infrastructure and operational technology companies worldwide. The group’s high-profile assaults — such as the $50 million ransom attack on Synnovis, a major UK healthcare provider — have caused severe disruptions, even impacting critical patient care.
We’ll unpack:
- Qilin’s evolution from a simple RaaS to a global cybercrime platform
- The unique legal pressure tactic and why it’s alarming defenders
- How Qilin’s affiliates, including groups like Scattered Spider, are exploiting the platform
- The malware’s sophisticated TTPs mapped to MITRE ATT&CK
- The shift toward targeting healthcare and critical OT systems
- Key defense and mitigation strategies organizations must adopt to combat this growing threat
If you want to understand how ransomware has morphed into a professionalized business model — and what comes next — don’t miss this episode.
