Qilin falls: the reaction of the special services or the tactics of extortionists

Tomcat

The Qilin ransomware site disappeared after an attack on London hospitals.

Recorded Future specialists report that on June 5, the Qilin ransomware site suddenly stopped working. It was available in the morning, but later the error code 0xF2 started showing, which usually indicates that the site was moved to a new server. The reason for the site's unavailability is still unclear. Experts suggest that this may be the result of law enforcement actions or deliberate disabling of the site by the group itself.

Qilin website displays error 0xF2

If the Qilin website was taken down in response to an attack on medical facilities in London, which led to the introduction of an emergency regime, it would be a surprisingly quick response from law enforcement agencies.

It is worth noting that in recent months, law enforcement agencies have been conducting numerous operations to disrupt the activities of various groups of extortionists. It is possible, though not proven, that the international coalition already had access to Qilin's systems and chose this moment to disrupt the group's activities.

On the other hand, disabling a site doesn't necessarily indicate law enforcement actions, as .onion sites used by cybercrime groups are notoriously unreliable. It is possible that the group itself decided to disable the site to avoid additional attention after a major incident.

Affiliates of the Qilin group (Agenda), which provides Ransomware-as-a-Service (RaaS), earn a lot of money from their cyber attacks. The Qilin group has been operating since at least August 2022 and provides its partners with 80%-85% of the ransom amount.
 