The Qilin ransomware group claimed 1,115 victims in 2025, making it the most active ransomware group across disclosed and undisclosed attacks.

In Q3 2025, Qilin ransomware accounted for approximately 18% of Beazley Security incident response cases.

In Q3 2025, Qilin ransomware claimed 271 posts on their public leak site.

In Q3 2025, Akira, Qilin, and INC Ransomware accounted for 65% of all ransomware cases investigated by Beazley Security.

About 10% of Qilin ransomware cases were related to wholesale trade.

Approximately 23% of all reported cases of Qilin ransomware affected the manufacturing sector.

The number of victims whose information was posted on the Qilin ransomware leak site peaked at 100 cases in June 2025.

Around 18% of Qilin ransomware cases impacted professional and scientific services.

In the second half of 2025, the Qilin ransomware group published victim information at a rate exceeding 40 cases per month.

In 2025, Cisco Talos reported multiple incidents related to Qilin ransomware.

Qilin was responsible for 242 undisclosed ransomware attacks in Q3 2025, representing 16% of all undisclosed ransomware attacks.

The Qilin group was responsible for 20 ransomware incidents in Q3 2025.

Qilin was responsible for 16% of ransomware cases in Q3 2025..

Qilin's victim count was 234 organizations and individuals.

Qilin's 234 victims comprised 15% of the total ransomware victims (organizations and individuals) for Q3 2025.

One individual's death was directly tied to the Qilin ransomware attack on Synnovis in June 2024.

Qilin's activity marks a 318% YoY increase.

Qilin recorded 234 victims (organizations and individuals) in Q3 2025.

Qilin claimed 10 healthcare organizations as victims in Q3 2025.

IncRansom, SafePay, and Qilin together accounted for 30% of the 118 healthcare organizations that were victims in Q3 2025.