Close Menu
  • Home
  • News
  • Cyber Security
  • Internet of Things
  • Tips and Advice

Subscribe to Updates

Get the latest creative news from FooBar about art, design and business.

What's Hot

Warning Over “Industrialized” Cyber-Attacks by Ransomware Gang

July 3, 2026

Microsoft Removes 119 Edge Extensions That Hid Malware in Images and Fonts

July 3, 2026

AI is Already Powering Cyber-Attacks. Can it Power Cyber Defense?

July 3, 2026
Facebook X (Twitter) Instagram
Friday, July 3
Facebook X (Twitter) Instagram Pinterest Vimeo
Cyberwire Daily
  • Home
  • News
  • Cyber Security
  • Internet of Things
  • Tips and Advice
Cyberwire Daily
Home»News»Qilin Dominates Ransomware Market – Infosecurity Magazine
News

Qilin Dominates Ransomware Market – Infosecurity Magazine

Team-CWDBy Team-CWDJuly 3, 2026No Comments4 Mins Read
Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
Share
Facebook Twitter LinkedIn Pinterest Email


The ransomware ecosystem is moving from fragmentation back to consolidation, with Qilin emerging as the dominant ransomware-as-a-service (RaaS) operation after the disruption of major groups including LockBit and RansomHub.

Yet despite Qilin’s strong position, the rapid emergence of other groups, such as The Gentlemen, demonstrates how quickly the cybercrime landscape continues to evolve.

Lotem Finkelstein, VP research at Check Point, highlighted that based on the cybersecurity firm’s research in their 2026 Cyber Security Report, Qilin now holds around 16% of the cybercriminal market share.

Qilin has been active since at least October 2022 and today operates a technically mature infrastructure.

Speaking to Infosecurity Finkelstein said, “Over the last few months, what we have observed is that they are consolidating again and becoming major ransomware groups.”

Recent data from Sophos X-Ops Counter Threat Unit (CTU) seen by Infosecurity showed that over the last 12 months, from July 2026, Qilin has listed 1496 victims on its data leak site. Meanwhile, Akira stands at 1205 and The Gentlemen at 763.

Aiden Sinnott, principal threat researcher, Sophos X-Ops CTU, concurred with Finkelstein’s assessment, “Qilin has become dominant largely because it was the main beneficiary of ransomware market consolidation following major law enforcement activity.”

The attraction for affiliates to join the Qilin operation comes because it offered high affiliate payouts, mature infrastructure, continuous technical innovation and expanded extortion services.

This came at exactly the time that competing RaaS programs such as LockBit, ALPHV and RansomHub were collapsing.

“The result was a rapid influx of experienced affiliates and a sharp increase in victim volume,” Sinnott said.  

Finkelstein added that affiliates are now empowered with AI tools to conduct their campaigns, meaning the barrier to entry is lower and less technical knowhow is needed for aspiring cybercriminals.

The Gentlemen Rises

However, according to Comparitech data there is another group that looks to be vying for market domination.

The cybersecurity reviews platform found that in June 2026 The Gentlemen knocked Qilin off the top spot for the first time in many months, becoming the month’s most prolific ransomware strain with 115 victims, compared to Qilin’s 78. 

Rebecca Moody, head of data research at Comparitech, noted that over half of Qilin’s targets tended to be US-based, however less than one in five of the Gentlemen’s June victims were from the US.

Research published by Check Point in April found that The Gentlemen was gaining 

A leak of an internal database used by the group in May showed operational information about their infrastructure, affiliates and victims. 

This leak included screenshots from ransom negotiations, showing a successful case where the group received $190,000, after starting with an initial demand (anchor) of $250,000.

Qilin’s Growth Could Bring Challenges

Whether Qilin will retain the top-spot as the year progresses is yet to be seen. But Finkelstein highlighted that with notoriety comes unwanted attention from international authorities. He said expects law enforcement will undoubtedly look to act against Qilin in the future, as they did with LockBit.

“When [ransomware operators] were so fragmented, law enforcement wasn’t able to focus on a specific one of them, and now, when they have a group like Qilin growing so fast, we should expect [law enforcement action].”

Finkelstein noted that the group has become very creative regarding its tactics, using phishing campaigns as well as vulnerability exploitation.

On June 9, Check Point disclosed that a vulnerability in its own Remote Access VPN and Mobile Access solution was targeted by Qilin. Luckily, Finkelstein said, this only affected one customer.

“It was only a single case but it was one too many,” he said.

Check Point is using its Frontier AI Models Readiness Program to detect vulnerabilities in its own product portfolio.

As part of this program, the company has conducted large-scale AI-driven code scanning across our products, performed extensive security reviews, hardened components where needed, refined our time-to-patch procedures, and accelerated our protection development processes to meet the pace of emerging AI-driven threats.



Source

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Previous ArticlePublic PoC Released for Critical libssh2 CVE-2026-55200 Client-Side SSH Flaw
Next Article AI is Already Powering Cyber-Attacks. Can it Power Cyber Defense?
Team-CWD
  • Website

Related Posts

News

Warning Over “Industrialized” Cyber-Attacks by Ransomware Gang

July 3, 2026
News

Microsoft Removes 119 Edge Extensions That Hid Malware in Images and Fonts

July 3, 2026
News

Public PoC Released for Critical libssh2 CVE-2026-55200 Client-Side SSH Flaw

July 3, 2026
Add A Comment
Leave A Reply Cancel Reply

Latest News

North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels

November 24, 202522 Views

macOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple Securi

September 7, 202517 Views

North Korean Hackers Target Crypto Firms with ClickFix and Zoom Lures

April 29, 202610 Views

Why SOC Burnout Can Be Avoided: Practical Steps

November 14, 20259 Views

Cyber M&A Roundup: Cyber Giants Strengthen AI Security Offerings

December 1, 20258 Views
Stay In Touch
  • Facebook
  • YouTube
  • TikTok
  • WhatsApp
  • Twitter
  • Instagram
Most Popular

North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels

November 24, 202522 Views

macOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple Securi

September 7, 202517 Views

North Korean Hackers Target Crypto Firms with ClickFix and Zoom Lures

April 29, 202610 Views
Our Picks

‘What happens online stays online’ and other cyberbullying myths, debunked

September 11, 2025

What to consider before asking an AI chatbot for health advice

May 27, 2026

Why you should never pay to get paid

September 15, 2025

Subscribe to Updates

Get the latest news from cyberwiredaily.com

Facebook X (Twitter) Instagram Pinterest
  • Home
  • Contact
  • Privacy Policy
  • Terms of Use
  • California Consumer Privacy Act (CCPA)
© 2026 All rights reserved.

Type above and press Enter to search. Press Esc to cancel.