Kingsmill Resort Hit by Qilin Ransomware in Major Cyber Attack

Incident Date: September 12, 2024

Overview

Title: Kingsmill Resort Hit by Qilin Ransomware in Major Cyber Attack
Victim: Kingsmill Resort
Attacker: Qilin
Location: Williamsburg, Virginia, USA
First Reported: September 12, 2024

Qilin Ransomware Attack on Kingsmill Resort

On September 13, Kingsmill Resort, a premier Four Diamond-rated destination in Williamsburg, Virginia, fell victim to a ransomware attack orchestrated by the Qilin ransomware group. Known for its luxurious accommodations and extensive amenities, Kingsmill Resort is a significant player in the hospitality industry, making this breach particularly noteworthy.

About Kingsmill Resort

Established in 1969, Kingsmill Resort operates as a privately owned leisure facility offering a variety of accommodations, including guest rooms and condos. The resort is renowned for its high-end amenities, such as an award-winning spa, fitness center, marina, and multiple dining options. It also features three championship golf courses that have hosted numerous professional tournaments. Employing approximately 602 individuals, Kingsmill Resort generates an estimated annual revenue of $147.7 million.

Attack Overview

The ransomware attack was discovered on September 13, and the extent of the data leak remains unknown. The Qilin ransomware group, also known as Agenda, claimed responsibility for the attack via their dark web leak site. This incident highlights the vulnerabilities that even well-established and financially stable organizations face in the current cybersecurity landscape.

About Qilin Ransomware Group

Qilin, operating under a Ransomware-as-a-Service (RaaS) model, has been active since July 2022. The group employs a double extortion strategy, encrypting data and exfiltrating sensitive information to pressure victims into paying the ransom. Qilin's use of Rust-based malware enhances its evasion capabilities and allows for attacks across multiple operating systems, including Windows and Linux.

Penetration and Impact

Qilin typically gains initial access through phishing emails containing malicious links. Once inside the network, the group exploits vulnerabilities to escalate privileges and exfiltrates data before encrypting it. The attack on Kingsmill Resort underscores the importance of advanced cybersecurity measures, as even a well-secured organization can fall prey to sophisticated threat actors.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous and the most financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.