Skip to main content
HomeTopicsQilin

Qilin

We've curated 42 cybersecurity statistics about Qilin to help you understand how this emerging threat, which blends advanced malware techniques with deception strategies, is evolving in 2025.

Showing 1-20 of 42 results

The Qilin ransomware group was linked to ransomware incidents in 26 of the 31 countries analysed.

Black Kite6/28/2026
RansomwareThreat Actors

Qilin was responsible for 59 finance-sector incidents in the past year.

Black Kite6/6/2026
Threat ActorsRansomware

In September 2025, Qilin's compromise of a single South Korean MSP affected 32 financial institutions and resulted in over 2 terabytes of stolen data.

Black Kite6/6/2026
RansomwareData Theft

Among publicly disclosed attacks, Qilin was responsible for 22 attacks (8%), ShinyHunters 16 attacks (6%), and INC 11 attacks (4%).

BlackFog5/27/2026
RansomwareRansomware Groups

Among undisclosed ransomware attacks in Q1 2026, Qilin led with 339 attacks (16%), The Gentlemen 200 attacks (9%), and Akira 190 attacks (9%).

BlackFog5/27/2026
RansomwareRansomware Groups

In 2025, the Qilin group was responsible for 12.8% of ransomware attacks.

Cognyte5/27/2026
RansomwareThreat Actors

Activity from the Qilin ransomware group declined by 25% and activity from the Akira ransomware group declined by 22%.

GuidePoint Security5/27/2026
RansomwareThreat Actors

According to their data leak site, in 2025, Qilin targeted more than 40 victims every month except January.

Cisco Talos5/27/2026
Ransomware

Qilin was the most seen ransomware variant in 2025.

Cisco Talos5/27/2026
Ransomware

Qilin affiliates take home a significant portion of their ransom payments (up to 80 - 85%), higher than typical RaaS payout structures.

Cisco Talos5/27/2026
RansomwareRaaS

Qilin led global ransomware activity, responsible for 15% of published attacks in February.

Check Point5/27/2026
Ransomware

The number of ransomware variants in LATAM rose from 48 to 79 with the most impactful gangs being the Qilin, The Gentlemen, SafePay, Akira and Inc. groups.

Intel4715/27/2026
LATAMRansomware

The Qilin ransomware group claimed 1,115 victims in 2025, making it the most active ransomware group across disclosed and undisclosed attacks.

BlackFog2/14/2026
RansomwareThreat Actors

In Q3 2025, Qilin ransomware accounted for approximately 18% of Beazley Security incident response cases.

Beazley Security11/22/2025
Ransomware

In Q3 2025, Akira, Qilin, and INC Ransomware accounted for 65% of all ransomware cases investigated by Beazley Security.

Beazley Security11/22/2025
RansomwareAkira

In Q3 2025, Qilin ransomware claimed 271 posts on their public leak site.

Beazley Security11/22/2025
RansomwareLeak sites

In 2025, Cisco Talos reported multiple incidents related to Qilin ransomware.

Cisco Talos Blog11/1/2025
Ransomware

Approximately 23% of all reported cases of Qilin ransomware affected the manufacturing sector.

Cisco Talos Blog11/1/2025
Ransomwaremanufacturing

The number of victims whose information was posted on the Qilin ransomware leak site peaked at 100 cases in June 2025.

Cisco Talos Blog11/1/2025
Ransomware

Around 18% of Qilin ransomware cases impacted professional and scientific services.

Cisco Talos Blog11/1/2025
Ransomware