The Qilin ransomware group reached over 700 attacks in 2025, making it one of the most prolific ransomware operations on record. Originally active since 2022, the group surged in activity after the collapse of RansomHub in April, when many of RansomHub’s affiliates reportedly migrated to Qilin’s ransomware-as-a-service (RaaS) model. Qilin’s victims span manufacturing, financial services, retail, healthcare, government, and education sectors. In total, the gang has claimed more than 116 terabytes of stolen data, although only a portion of attacks have been publicly confirmed.

Qilin’s affiliate-driven structure and double-extortion tactics allow it to scale rapidly and target critical sectors with little discrimination. The manufacturing industry alone saw 143 attacks claimed this year, while government entities and education also experienced steep upticks. U.S. organizations represent the largest share of victims, followed by several European nations. The rapid growth, broad sector scope, and data exfiltration focus highlight how ransomware operations are evolving into major systemic cyber-threats rather than isolated IT incidents.

‍

Source: https://industrialcyber.co/ransomware/qilin-ransomware-escalates-rapidly-in-2025-targeting-critical-sectors-with-700-attacks-amid-ransomhub-shutdown/