New data from Check Point Research and Cyble confirms that “Qilin” has emerged as the most active ransomware group in Q3 2025, averaging 75 victims per month. The group has aggressively recruited affiliates from defunct gangs like RansomHub and is heavily targeting the financial sector.
Business Impact
The ransomware landscape is consolidating around Qilin, making them a “super-predator.” Their highly sophisticated Rust-based ransomware and aggressive double-extortion tactics (specifically targeting high-value financial data) pose the single largest criminal threat to enterprises right now.
Why It Happened
Following law enforcement actions against LockBit and the exit of RansomHub, Qilin capitalized on the power vacuum. They offer better profit shares and more stable infrastructure to criminal affiliates, allowing them to scale operations rapidly.
Recommended Executive Action
Update your threat models to focus on Qilin’s TTPs (Tactics, Techniques, and Procedures). They are known for targeting Linux/ESXi environments and stealing data before encryption. Ensure your backup strategy explicitly covers these virtualized environments.
