Qilin attacks Kinematica Science & Development

Incident Date: Feb 24, 2024

Attack Overview
VICTIM
Kinematica Science & Development
INDUSTRY
Manufacturing
LOCATION
Switzerland
ATTACKER
Qilin
FIRST REPORTED
February 24, 2024

Qilin Ransomware Targets Kinematica AG

Qilin posted a public notice on its leak site listing its latest victims, one of which is Kinematica AG. Beyond the listing itself, Qilin gave no further details about the attack: no figure for how much data was stolen, no negotiation deadline, and nothing else of interest.

Kinematica Science & Development opened its doors in 2020. It focuses on research and development to realize innovative projects in the field of homogenization.

The Emergence of Qilin Ransomware

Qilin (aka Agenda) is a Ransomware-as-a-Service (RaaS) operation that first emerged in July 2022. Its payloads are written in Go and Rust and can target both Windows and Linux systems. Rust compiles to fast native binaries for several platforms, and those binaries are harder to reverse engineer with tooling built around C/C++ malware, which makes it easier for the operators to evade security controls and to build variants for multiple operating systems.

Qilin operators are known to gain initial access through exposed or vulnerable remote-access services, including Remote Desktop Protocol (RDP). Once inside, each Qilin attack follows a familiar pattern: encrypted files are renamed with a new extension, and specific processes and services are terminated beforehand, typically so that open file handles and backup tooling do not interfere with encryption. Building the ransomware in Rust also lets the operators compile the same code base for Windows, Linux, and other targets with little extra effort.
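The two impact behaviours just described, mass renaming of encrypted files to a new extension and termination of services before encryption, are exactly what a file-server detection should key on. The following is an added example, not code from Halcyon or from the Qilin operators: it runs a simple detection over a constructed stream of host events. The event schema (`ts`, `host`, `type`, `old`/`new`, `service`), the thresholds, the list of suspicious service names, and the `.locked` extension are all assumptions chosen for illustration; the page does not state which extension or services Qilin uses.

```python
"""Detect two Qilin-style impact behaviours in host telemetry:
   1. a burst of file renames that append one new extension (mass encryption), and
   2. stops of backup/database services shortly before that burst.
Added example, not Halcyon's or Qilin's code. Event format, thresholds and
service names are assumptions for illustration only."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumption: substrings of service names ransomware commonly stops so that
# open handles and shadow copies do not block or undo encryption.
SUSPECT_SERVICES = {"vss", "sql", "veeam", "backup", "exchange", "mysql"}

RENAME_THRESHOLD = 20                    # assumption: renames to one new extension ...
RENAME_WINDOW = timedelta(seconds=60)    # ... inside this window count as a burst
SERVICE_LOOKBACK = timedelta(minutes=10) # how far back to correlate service stops


def new_extension(old_path, new_path):
    """Return the extension appended when old_path became new_path, else None.
    Ransomware typically appends its marker: 'report.docx' -> 'report.docx.XXXX'."""
    if not new_path.startswith(old_path + "."):
        return None
    return new_path[len(old_path) + 1:]


def analyse(events):
    """events: dicts sorted by time with keys ts (ISO 8601), host,
    type ('rename' | 'service_stop'), and old/new or service.
    Returns one alert per (host, extension) burst, with correlated service stops."""
    alerts = []
    renames = defaultdict(deque)   # (host, ext) -> timestamps inside the window
    stops = defaultdict(list)      # host -> [(ts, service)] for suspicious stops
    fired = set()                  # (host, ext) pairs already alerted on
    for ev in events:
        ts = datetime.fromisoformat(ev["ts"])
        host = ev["host"]
        if ev["type"] == "service_stop":
            name = ev["service"].lower()
            if any(s in name for s in SUSPECT_SERVICES):
                stops[host].append((ts, ev["service"]))
            continue
        if ev["type"] != "rename":
            continue
        ext = new_extension(ev["old"], ev["new"])
        if ext is None:
            continue
        window = renames[(host, ext)]
        window.append(ts)
        while window and ts - window[0] > RENAME_WINDOW:   # slide the window
            window.popleft()
        if len(window) >= RENAME_THRESHOLD and (host, ext) not in fired:
            fired.add((host, ext))
            recent_stops = [s for t, s in stops[host] if ts - t <= SERVICE_LOOKBACK]
            alerts.append({
                "host": host,
                "extension": ext,
                "renames": len(window),
                "first": window[0].isoformat(),
                "last": ts.isoformat(),
                "services_stopped_before": recent_stops,
                # a rename burst preceded by backup/DB service stops is the
                # ransomware pattern; a burst alone could still be a bulk job
                "severity": "critical" if recent_stops else "high",
            })
    return alerts


def sample_events():
    """Constructed sample telemetry (not real Qilin data): service stops and a
    rename burst on fs01, plus a handful of benign renames on ws07."""
    base = datetime(2024, 2, 24, 3, 0, 0)
    ev = [
        {"ts": (base + timedelta(seconds=5)).isoformat(), "host": "fs01",
         "type": "service_stop", "service": "VSS"},
        {"ts": (base + timedelta(seconds=7)).isoformat(), "host": "fs01",
         "type": "service_stop", "service": "MSSQLSERVER"},
        {"ts": (base + timedelta(seconds=9)).isoformat(), "host": "fs01",
         "type": "service_stop", "service": "Spooler"},   # not suspicious
    ]
    for i in range(25):   # 25 renames in 25 seconds, one per second
        p = f"D:\\share\\doc{i}.docx"
        ev.append({"ts": (base + timedelta(seconds=30 + i)).isoformat(),
                   "host": "fs01", "type": "rename", "old": p, "new": p + ".locked"})
    for i in range(5):    # benign: five renames spread over five hours
        p = f"C:\\Users\\a\\file{i}.txt"
        ev.append({"ts": (base + timedelta(hours=i)).isoformat(),
                   "host": "ws07", "type": "rename", "old": p, "new": p + ".bak"})
    ev.sort(key=lambda e: e["ts"])
    return ev


if __name__ == "__main__":
    for alert in analyse(sample_events()):
        print(alert)
```

The alert fires on the twentieth rename, not at the end of the burst, so a responder gets the signal while encryption is still in progress; the service-stop correlation is what lifts severity to critical and separates this pattern from a legitimate bulk rename job.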

Notably, the Qilin group can generate samples for both Windows and VMware ESXi hosts.

Qilin's Dark Web Presence and Double Extortion Technique

Qilin promotes its ransomware on the dark web and runs its own Dedicated Leak Site (DLS), which, as researchers at Group-IB Threat Intelligence have documented, lists victims with distinctive company identifiers alongside leaked account information.

The operators behind Qilin use double extortion: they exfiltrate a victim's sensitive data before encrypting it, then demand payment both for a decryptor and for withholding the stolen data from publication. Paying gives no technical guarantee that the exfiltrated copies are deleted, so an intrusion should be handled as a data breach whether or not the ransom is paid.

Qilin ransomware features multiple encryption modes, all under the control of the operator.
