Who Is Qilin Targeting?

Qilin ransomware has impacted multiple industries globally, with a notable increase in attacks across the UK. Targets include:

• Healthcare Providers
  Example: Synnovis (UK), a pathology services firm supporting Guy’s and St Thomas’ NHS Trust, was attacked in June 2024. Surgeries were delayed, and patient data was exposed.
• Media Organisations
  Example: The Big Issue Group faced a Qilin attack in 2024, resulting in 550 GB of sensitive data being leaked online.
• Publishing & Print
  Example: US media conglomerate Lee Enterprises had 350 GB of data stolen across 75 newspapers.

Qilin thrives in industries where data privacy, availability, and reputation are critical.

HMRC VAT Refund Fraud

Although unrelated to ransomware, a recent cyber-enabled fraud involving HMRC highlights how attackers are exploiting stolen identities and system loopholes to commit large-scale financial crimes.

Key Highlights:

• Over 100,000 Government Gateway accounts were compromised via phishing attacks.
• Fraudsters submitted fake VAT and PAYE refund claims.
• £47 million in fraudulent payouts were made before HMRC locked affected accounts.

This incident, while not caused by ransomware, illustrates how phishing and stolen credentials—also used in Qilin attacks—can result in massive financial loss.

Qilin’s Double Extortion Strategy

Qilin uses a double extortion model, which means:

• Encrypt files to cripple operations
• Steal data to apply pressure
  Attackers leak stolen files on the dark web if the ransom isn’t paid.

This two-pronged approach means that even if you restore from backups, your sensitive data (customer records, contracts, IP) could be exposed publicly.

Qilin’s Double Extortion Strategy

• Files have unfamiliar extensions and are inaccessible.
• You discover a ransom note on the desktop or root folders.
• System performance degrades or admin tools behave abnormally.
• You receive extortion emails referencing your stolen data.

If you notice these signs, isolate infected machines and contact cyber security experts immediately.

How to Protect Your Business from Qilin Ransomware

• Implement Multi-Factor Authentication (MFA)
  Secures login credentials—even if passwords are compromised.
• Keep Software and Systems Up-to-Date
  Patch vulnerabilities in operating systems, applications, and remote access tools.
• Conduct Regular Security Awareness Training
  Educate staff to detect phishing emails and social engineering attempts.
• Backup Your Data Securely
  Store offline, encrypted backups and test restore procedures frequently.
• Use Endpoint Detection & Response (EDR)
  Identify and isolate threats before they spread across the network.
• Segment Your Network
  Restrict access to sensitive systems so attackers can’t move freely.
• Monitor Activity on HMRC Accounts
  If you use VAT or PAYE services, ensure no fraudulent submissions are made on your behalf.
• Get Certified
  Cyber Essentials or ISO 27001 certification adds credibility and practical protection.

What to Do if You’re a Victim

• Isolate Infected Systems
  Disconnect from the network to stop further spread.
• Contact Cybersecurity Experts
  Incident response teams can help contain and investigate the breach.
• Report the Attack
  Notify the National Cyber Security Centre (NCSC) and Action Fraud.
• Avoid Paying the Ransom
  Payment doesn’t guarantee data recovery or protection.
• Communicate Transparently
  Notify customers and stakeholders if their data may be affected.

The rise of Qilin ransomware and related cyber threats like the HMRC fraud shows how crucial it is for UK businesses to take cybersecurity seriously. Whether through phishing, system exploitation, or identity theft, attackers are looking for any opportunity to profit from your data.Investing in prevention, detection, and response strategies is no longer optional—it’s essential.