CyberSecurity news
FlagThis
@cyble.com
//
The ransomware landscape is experiencing significant shifts in April 2025, with groups like Qilin taking center stage. Despite a general decline in ransomware attacks from 564 in March to 450 in April, the lowest level since November 2024, Qilin has surged to the top of the ransomware rankings. This rise is attributed to the realignment of cybercriminal groups within the chaotic Ransomware-as-a-Service (RaaS) ecosystem. Qilin is reportedly leveraging sophisticated tools and techniques, contributing to their increased success in recent months.
Qilin's success is partly due to the adoption of advanced tactics, techniques, and procedures (TTPs). Threat actors associated with Qilin have been observed utilizing malware such as SmokeLoader, along with a previously undocumented .NET compiled loader called NETXLOADER, in campaigns dating back to November 2024. NETXLOADER is a highly obfuscated loader designed to deploy additional malicious payloads and bypass traditional detection mechanisms, making it difficult to analyze. This loader plays a critical role in Qilin's stealthy malware delivery method. The surge in activity is reflected in the doubling of disclosures on Qilin's data leak site since February 2025, making it the top ransomware group in April.
The emergence of new actors like DragonForce is reshaping the threat landscape. The group is built for the gig economy. Its features include a 20% revenue share, white-label ransomware kits, pre-built infrastructure. DragonForce quickly moved to absorb affiliates following the April 2025 disappearance of RansomHub, pitching itself as an agile alternative to collapsed legacy operators. A historic surge in ransomware activity is occurring. A total of 2,289 publicly named ransomware victims were reported in just Q1 a 126% year-over-year increase, setting an all-time high. 74 distinct ransomware groups are now operating concurrently, highlighting an explosion of new actors and affiliate-driven threats.
ImgSrc: cyble.com
References :
Qilin's success is partly due to the adoption of advanced tactics, techniques, and procedures (TTPs). Threat actors associated with Qilin have been observed utilizing malware such as SmokeLoader, along with a previously undocumented .NET compiled loader called NETXLOADER, in campaigns dating back to November 2024. NETXLOADER is a highly obfuscated loader designed to deploy additional malicious payloads and bypass traditional detection mechanisms, making it difficult to analyze. This loader plays a critical role in Qilin's stealthy malware delivery method. The surge in activity is reflected in the doubling of disclosures on Qilin's data leak site since February 2025, making it the top ransomware group in April.
The emergence of new actors like DragonForce is reshaping the threat landscape. The group is built for the gig economy. Its features include a 20% revenue share, white-label ransomware kits, pre-built infrastructure. DragonForce quickly moved to absorb affiliates following the April 2025 disappearance of RansomHub, pitching itself as an agile alternative to collapsed legacy operators. A historic surge in ransomware activity is occurring. A total of 2,289 publicly named ransomware victims were reported in just Q1 a 126% year-over-year increase, setting an all-time high. 74 distinct ransomware groups are now operating concurrently, highlighting an explosion of new actors and affiliate-driven threats.
ImgSrc: cyble.com
Share:
References :
- cyble.com: Ransomware Attacks April 2025: Qilin Emerges from Chaos
- cyble.com: Global ransomware attacks in April 2025 declined to 450 from 564 in – the lowest level since November 2024 – as major changes among the leading Ransomware-as-a-Service (RaaS) groups caused many affiliates to align with new groups.
- The Hacker News: Qilin Ransomware Ranked Highest in April 2025 with Over 45 Data Leak Disclosures
- www.redpacketsecurity.com: [QILIN] – Ransomware Victim: www[.]hcsheriff[.]gov
Classification:
- HashTags: #ransomware #cybersecurity #databreach
- Company: Cyble
- Target: Global organizations
- Attacker: DragonForce
- Product: Ransomware
- Feature: Cyber Attacks
- Malware: Qilin
- Type: Ransomware
- Severity: Major