New Qilin.B Ransomware Variant Emerges with Improved Encryption and Evasion Tactics

October 24, 2024 at 01:35PM

Cybersecurity researchers have identified a new variant of the Qilin ransomware, tracked as Qilin.B, that encrypts files with AES-256-CTR or ChaCha20 and wraps the keys with RSA-4096 (OAEP). The variant also terminates backup and security services, clears Windows Event Logs and deletes itself after running, making recovery harder. It poses a significant threat in particular to U.S. healthcare institutions, which have suffered substantial financial losses from such attacks.

### Meeting Takeaways – October 24, 2024

**Overview of Qilin ransomware developments:**
– **New Variant**: Qilin.B, an updated build of Qilin, combines stronger encryption with additional defense-evasion behavior aimed at avoiding detection and blocking recovery.
– **Encryption Methods**:
  – Uses AES-256-CTR on systems whose CPU exposes the AES-NI instructions and falls back to ChaCha20 elsewhere (a stream cipher that remains fast without hardware acceleration).
  – Wraps the symmetric keys with RSA-4096 using OAEP padding. Only the holder of the attacker's private key can unwrap them, so decrypting the files without that key is computationally infeasible.

**Background Information:**
– Qilin ransomware, also known as Agenda, was first observed in mid-2022; its developers later moved the codebase from Go (Golang) to Rust.
– It operates as a ransomware-as-a-service (RaaS), allowing affiliates to keep 80-85% of ransom payments.

**Recent Attack Trends:**
– The latest attacks have involved harvesting credentials stored in Google Chrome browsers on compromised hosts, a shift from the traditional double-extortion model of encrypting files and threatening to leak exfiltrated data.
– Qilin.B showcases advanced operational capabilities, including:
  – Enhanced encryption, as described above.
  – Defense evasion: terminating security services, clearing Windows Event Logs, and deleting its own binary after encryption completes.
  – Recovery inhibition: killing backup- and database-related processes (e.g., Veeam, SQL, SAP services) and deleting volume shadow copies so that local restore points are unavailable.
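The behaviors in the two bullets above (shadow-copy deletion, event-log clearing, service termination and self-deletion) are the ones a defender can most easily detect from process-creation telemetry. The following Python is an added example, not code from the original article or from Halcyon: it runs a small rule set over constructed process-creation events and escalates any parent process that exhibits more than one of these behaviors, which is what separates a ransomware binary doing all of them at once from an administrator stopping a single service. The field names (Image, CommandLine, ParentImage), the rule patterns, the threshold and the sample commands are assumptions for this example; a real deployment would read Sysmon Event ID 1 or Windows Security 4688 exports.

```python
"""
Detection logic for the Qilin.B behaviours listed above: shadow-copy deletion,
event-log clearing, stopping backup/security services, and self-deletion.
Events are modelled as simplified process-creation records (Sysmon Event ID 1 or
Windows Security 4688 style) with Image, CommandLine and ParentImage fields.
All sample events below are constructed for this example.
"""
import re

# (rule name, ATT&CK technique, pattern applied to the full command line)
RULES = [
    ("shadow_copy_deletion", "T1490",
     re.compile(r"(?:vssadmin(?:\.exe)?\s+delete\s+shadows"
                r"|wmic(?:\.exe)?\s+shadowcopy\s+delete"
                r"|Win32_ShadowCopy.*?\.Delete\(\))", re.I)),
    ("event_log_clearing", "T1070.001",
     re.compile(r"(?:wevtutil(?:\.exe)?\s+(?:cl|clear-log)\b|Clear-EventLog\b)", re.I)),
    ("backup_or_security_service_stop", "T1489",
     re.compile(r"(?:net1?(?:\.exe)?\s+stop|sc(?:\.exe)?\s+stop|taskkill(?:\.exe)?\s+/f)"
                r"\s+.*?(?:veeam|sql|sap|backup|defender|sense|mcafee|sophos)", re.I)),
    ("self_deletion", "T1070.004",
     # "cmd /c ping ... & del <self>.exe": a delay followed by deleting an .exe
     re.compile(r"cmd(?:\.exe)?\s+/c\s+.*?(?:ping|timeout)\b.*?&.*?\bdel\b.*?\.exe", re.I)),
]

MIN_DISTINCT_RULES = 2  # a parent hitting this many different rules is escalated


def match_event(event):
    """Return the (rule, technique) pairs whose pattern matches the command line."""
    cmd = event.get("CommandLine", "")
    return [(name, tech) for name, tech, rx in RULES if rx.search(cmd)]


def evaluate(events):
    """Scan a batch of events.

    Returns (findings, suspects): findings holds one dict per matched rule;
    suspects is the sorted list of parent images that triggered at least
    MIN_DISTINCT_RULES different rules, i.e. one process doing several of
    these things rather than an administrator stopping a single service.
    """
    findings = []
    rules_by_parent = {}
    for ev in events:
        parent = ev.get("ParentImage", "")
        for name, tech in match_event(ev):
            findings.append({"rule": name, "technique": tech,
                             "parent": parent, "cmd": ev.get("CommandLine", "")})
            rules_by_parent.setdefault(parent, set()).add(name)
    suspects = sorted(p for p, names in rules_by_parent.items()
                      if len(names) >= MIN_DISTINCT_RULES)
    return findings, suspects


# Constructed sample batch: four commands spawned by one binary dropped in
# C:\Users\Public, plus two benign events (an admin stopping SQL Server, notepad).
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\vssadmin.exe",
     "CommandLine": "vssadmin.exe delete shadows /all /quiet",
     "ParentImage": r"C:\Users\Public\update.exe"},
    {"Image": r"C:\Windows\System32\wevtutil.exe",
     "CommandLine": "wevtutil.exe cl Security",
     "ParentImage": r"C:\Users\Public\update.exe"},
    {"Image": r"C:\Windows\System32\net.exe",
     "CommandLine": "net stop VeeamBackupSvc /y",
     "ParentImage": r"C:\Users\Public\update.exe"},
    {"Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r'cmd.exe /c ping 127.0.0.1 -n 3 > nul & del /f /q "C:\Users\Public\update.exe"',
     "ParentImage": r"C:\Users\Public\update.exe"},
    {"Image": r"C:\Windows\System32\net.exe",
     "CommandLine": "net stop MSSQLSERVER",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": "notepad.exe report.txt",
     "ParentImage": r"C:\Windows\explorer.exe"},
]

if __name__ == "__main__":
    found, suspects = evaluate(SAMPLE_EVENTS)
    for f in found:
        print(f"[{f['technique']}] {f['rule']:<32} parent={f['parent']}")
    print("escalate:", suspects)
```

On the sample batch the lone `net stop MSSQLSERVER` from an administrator's shell is still recorded as a finding, but only the dropped binary, which triggers four distinct rules, is escalated. The per-parent correlation is the part worth keeping when tuning this for production; the individual patterns will need site-specific allow-listing for backup jobs and maintenance scripts.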

**Emergence of New Threats:**
– **Embargo Ransomware**: A newly identified Rust-based ransomware family that also works to evade detection, including the bring-your-own-vulnerable-driver (BYOVD) technique, in which a legitimately signed but vulnerable driver is loaded to disable endpoint protection from kernel level.
– **Malicious Loader and EDR Killer**: Two Rust-based tools seen alongside Embargo intrusions:
  – **MDeployer**: a loader that stages the attack and executes the ransomware.
  – **MS4Killer**: an EDR killer that disables endpoint detection and response products.
  – Both tools being written in Rust, like Embargo and Qilin.B themselves, points to a deliberate shift toward Rust across these groups.

**Impact on Healthcare Sector:**
– 389 U.S. healthcare organizations were hit by ransomware this fiscal year, with downtime costing affected organizations up to $900,000 per day.
– Among organizations that disclosed paying, the median ransom was $1.5 million and the average was $4.4 million.

**Key Reports and Data:**
– Halcyon has reported on the advanced tactics of Qilin.B and noted the ongoing evolution of ransomware threats.
– Microsoft provided data on the scale of ransomware impact on healthcare institutions.

**Next Steps:**
– Stay informed on emerging ransomware threats and preventive measures.
– Explore further implications for cybersecurity strategies in sectors facing increased ransomware vulnerabilities.
