The Russia-linked ransomware group Qilin is now stealing credentials stored in Google Chrome browsers, expanding the reach of its attacks. Qilin operates as a Ransomware-as-a-Service (RaaS) and purportedly offers an attractive affiliate payment structure, with affiliates allegedly keeping 85% of ransom payments. While the Qilin affiliates carry out the attacks, the Qilin operators negotiate the ransom payment.
Short Narrative:
Ransomware attacks have become a significant threat to organizations worldwide, causing financial losses and operational disruptions. Qilin, a relatively new player in this cybercrime arena, has introduced a dangerous twist to ransomware tactics. By targeting Google Chrome credentials, the group is expanding the scope of its attacks beyond the initial ransomware demand. This strategy not only compromises the primary target but also threatens the broader network and the data it holds, highlighting the evolving danger of ransomware groups and their innovative methods.
Key Details:
- Attack Details: Qilin, linked to recent attacks on U.K. hospitals, was found stealing Chrome browser credentials from compromised networks.
- Tactics Used: Attackers accessed a VPN without multi-factor authentication, moved laterally, and deployed scripts to harvest Chrome-stored credentials.
- Security Flaw: The attack leveraged poor VPN security practices and the extensive use of Chrome for storing sensitive passwords.
- Potential Impact: Access to Chrome credentials could provide attackers with entry points to further exploits, posing risks beyond the initial ransomware attack.
Actionable Insight:
Organizations should enforce strict security measures, including multi-factor authentication and regular monitoring of credential storage practices, to defend against such evolving ransomware tactics.
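As an added defensive example (not from this article and not Qilin's own tooling), the following detection rule covers the credential-harvesting step described above: it flags any process other than Chrome that opens Chrome's saved-password store. The event feed format, the hostnames and the process allowlist are assumptions constructed for the example.

```python
"""Detect non-browser processes touching Chrome's credential store.

Added example, not from the article or from Qilin's tooling. Assumes an
EDR or file-audit feed that yields one record per file open, carrying the
opening process image and the target path (constructed below).
"""
import re

# Chrome keeps saved logins in "Login Data" (a SQLite file) under each
# profile directory; the key that protects them lives in "Local State".
CHROME_CRED_FILES = re.compile(
    r"\\Google\\Chrome\\User Data\\"
    r"(?:Default|Profile \d+)\\Login Data(?: For Account)?$"
    r"|\\Google\\Chrome\\User Data\\Local State$",
    re.IGNORECASE,
)

# Processes expected to open these files. Assumption: tune per environment
# (e.g. add a backup agent that legitimately reads user profiles).
ALLOWED_IMAGES = {"chrome.exe"}


def is_suspicious(event):
    """True when a non-Chrome process opens a Chrome credential file."""
    path = event["path"].replace("/", "\\")
    image = event["process"].rsplit("\\", 1)[-1].lower()
    return bool(CHROME_CRED_FILES.search(path)) and image not in ALLOWED_IMAGES


def find_credential_access(events):
    """Return the subset of events that look like credential harvesting."""
    return [e for e in events if is_suspicious(e)]


# Constructed sample feed: one benign Chrome open, one PowerShell read of
# Login Data, one Local State read by a binary in a temp folder, one noise.
SAMPLE_EVENTS = [
    {"host": "ws01", "process": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "path": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"host": "ws01", "process": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "path": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"host": "ws02", "process": r"C:\Users\bob\AppData\Local\Temp\svc.exe",
     "path": r"C:\Users\bob\AppData\Local\Google\Chrome\User Data\Local State"},
    {"host": "ws02", "process": r"C:\Windows\explorer.exe",
     "path": r"C:\Users\bob\Documents\notes.txt"},
]

if __name__ == "__main__":
    for hit in find_credential_access(SAMPLE_EVENTS):
        print(f"{hit['host']}: {hit['process']} opened {hit['path']}")
```

A hit on this rule is a strong signal on its own, and it pairs naturally with the VPN MFA control above: a scripting host reading Login Data shortly after a password-only VPN login is the exact sequence the article describes.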
Read More: Darktrace background research on Qilin
Whistleblower Request:
If you have information about ransomware activities or security breaches, please get in touch with us securely via our whistleblower system, Whistle42. Your confidentiality is guaranteed.