New Qilin.B Ransomware Variant Boasts Enhanced Encryption and Defense Evasion
ID: 39022f55-17d4-58f9-96ac-85a1beb05bac
STIX ID: report--39022f55-17d4-58f9-96ac-85a1beb05bac
Feed Name: Halcyon Blog
Qilin.B is an enhanced variant of the Qilin (Agenda) ransomware family, distributed under a ransomware-as-a-service (RaaS) model and targeting Windows (and Linux) environments. For file encryption it uses AES-256-CTR where AES-NI is available and ChaCha20 otherwise, and it protects the symmetric keys with RSA-4096 OAEP. The variant establishes persistence through autorun registry entries, undermines recovery by deleting volume shadow copies, and carries extensive defense-evasion logic: clearing Windows event logs, deleting itself after execution, and terminating security and backup services. It generates per-target ransom notes and uses configurable encrypted-file extensions for affiliate tracking.
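The pre-encryption behaviours listed above (shadow-copy deletion, event-log clearing, service termination, Run-key persistence) are what endpoint telemetry can catch before files are touched. As an added example, not code from the Halcyon post or from the Qilin.B sample, the Python below classifies constructed process-creation events against those four behaviour classes and correlates them by parent process, so that one ancestor driving several of them is reported while a lone `net stop` from an administrator is not. The command lines it matches are the generic Windows tools for each action (vssadmin, wmic, wevtutil, net, sc, taskkill, reg), not indicators taken from Qilin.B, and the hosts, PIDs and service names in the sample events are constructed.

```python
"""Triage constructed process-creation events for the pre-encryption behaviours
named in the Qilin.B summary: shadow-copy deletion, event-log clearing,
service termination and Run-key persistence.

Added example for this page, not Halcyon's or the malware's code. The
patterns are the generic Windows ways of performing each action, not
indicators extracted from the Qilin.B sample; tune them to your telemetry."""
import re
from collections import defaultdict

# Behaviour category -> regexes applied to the lower-cased command line.
PATTERNS = {
    "shadow_copy_deletion": [
        r"\bvssadmin(\.exe)?\b.*\bdelete\b.*\bshadows\b",
        r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b",
    ],
    "event_log_clearing": [
        r"\bwevtutil(\.exe)?\b\s+(cl|clear-log)\b",
        r"\bclear-eventlog\b",
    ],
    "service_termination": [
        r"\b(net|net1)(\.exe)?\s+stop\b",
        r"\bsc(\.exe)?\s+(stop|delete)\b",
        r"\btaskkill(\.exe)?\b.*\s/f\b",
    ],
    "autorun_persistence": [
        r"\breg(\.exe)?\s+add\b.*\\currentversion\\run(once)?\b",
    ],
}
COMPILED = {cat: [re.compile(p) for p in pats] for cat, pats in PATTERNS.items()}


def classify(command_line):
    """Return the set of behaviour categories a single command line matches."""
    cl = command_line.lower()
    return {cat for cat, pats in COMPILED.items() if any(p.search(cl) for p in pats)}


def triage(events, min_categories=2):
    """Group matching events by (host, parent PID) and report parents that
    drive at least `min_categories` distinct behaviours. Backup destruction
    plus log clearing plus service killing from one parent is the
    pre-encryption pattern; a single service stop is routine administration."""
    per_parent = defaultdict(lambda: {"categories": set(), "events": []})
    for ev in events:
        cats = classify(ev["command_line"])
        if cats:
            entry = per_parent[(ev["host"], ev["parent_pid"])]
            entry["categories"] |= cats
            entry["events"].append(ev)
    return {
        key: {"categories": sorted(v["categories"]), "count": len(v["events"])}
        for key, v in per_parent.items()
        if len(v["categories"]) >= min_categories
    }


# Constructed sample telemetry (Sysmon event ID 1 / EDR style), not real logs.
SAMPLE_EVENTS = [
    {"host": "FS01", "parent_pid": 4120, "command_line": "vssadmin.exe delete shadows /all /quiet"},
    {"host": "FS01", "parent_pid": 4120, "command_line": "wevtutil.exe cl Security"},
    {"host": "FS01", "parent_pid": 4120, "command_line": 'net stop "BackupSvc" /y'},
    {"host": "FS01", "parent_pid": 4120, "command_line":
        "reg add HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run /v upd /t REG_SZ /d C:\\Users\\Public\\upd.exe /f"},
    # Benign administration on another host: one service restart must not fire.
    {"host": "WS22", "parent_pid": 812, "command_line": "net stop Spooler"},
    {"host": "WS22", "parent_pid": 812, "command_line": "net start Spooler"},
]

if __name__ == "__main__":
    for (host, ppid), hit in triage(SAMPLE_EVENTS).items():
        print(f"{host} parent {ppid}: {hit['count']} events, {hit['categories']}")
```

Correlating on the parent process rather than on individual command lines is the design point: each tool above has legitimate uses, but a single parent that deletes shadow copies, clears logs and stops a backup service within one session is the sequence a ransomware payload runs, and that is the signal worth paging on. Lower `min_categories` to 1 for hunting, keep it at 2 or higher for alerting.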
