While the Everest ransomware group has recently claimed responsibility for breaching the servers of automotive giant BMW and extracting sensitive data, a new report from cybersecurity firm Cyble reveals an even more concerning trend. The Qilin Ransomware group has reportedly compromised over 104 victims in August 2025 alone. This marks an alarming rise in their operations, with Akira and Sinobi, along with The Gentlemen, following closely behind in terms of victim count.
Qilin’s surge in activity can be attributed to several key factors. The group has managed to create a highly attractive business model, primarily driven by offering lucrative incentives to affiliates and leveraging a well-organized ransomware-as-a-service (RaaS) framework. This model has not only made it easy for seasoned cybercriminals to launch attacks, but has also opened the door for newcomers in the cybercrime industry to quickly scale their operations.
What sets Qilin apart from other ransomware groups is its sophistication in operations and its unique approach to attracting fresh talent. They go beyond just offering ransomware tools; they provide a level of customer support and even educational resources to help new recruits learn how to effectively spread the malware and generate revenue from their victims. This “teach-to-earn” model is an innovative way of ensuring that affiliates are well-equipped to carry out attacks with a higher degree of success, making Qilin a formidable player in the world of cybercrime.
Industries hit hardest by Qilin’s recent campaign include construction, manufacturing, healthcare, finance, IT, and technology sectors. These industries often store highly sensitive information, making them prime targets for ransomware operators seeking financial gain. Geographically, the group’s reach has been particularly wide, with the United States, Australia, and the United Kingdom being among the hardest-hit countries.
While the growing frequency of ransomware attacks is a cause for concern, it’s important to note another noteworthy development: in the last three months alone, over 13 ransomware gangs have been dismantled. Experts attribute this wave of shutdowns to the increased vigilance of global law enforcement agencies. Agencies like the FBI, Europol, and the National Crime Agency (NCA) have been stepping up their efforts to combat cybercrime, sharing intelligence and expertise on how ransomware operations are conducted and the impact they have on victims.
This collaboration across borders is proving to be effective, as law enforcement agencies continue to dismantle high-profile cybercriminal organizations. Their ability to identify, track, and disrupt the operations of these gangs highlights the increasing effectiveness of global cybersecurity initiatives. However, while these arrests and shutdowns represent a significant victory, the rise of groups like Qilin indicates that the battle is far from over.
In conclusion, the ransomware landscape is evolving rapidly. On one hand, there’s a troubling rise in the number and sophistication of ransomware gangs. On the other, the increasing cooperation between global law enforcement agencies offers a ray of hope in this ongoing battle against cybercrime.
Join our LinkedIn group Information Security Community!
