The Qilin Ransomware Attack on Daiwa House Industry

The Qilin ransomware gang has attacked Daiwa House Industry. Daiwa House Industry is Japan's largest home builder, specializing in prefabricated houses. In addition to its headquarters, Daiwa House Industry also builds factories, shopping centers, and healthcare facilities. Qilin posted Daiwa House Industry to its data leak site on Jun 23rd, publishing 611.7GB of stolen "miscellaneous data".

Understanding Qilin's Ransomware Tactics

Qilin, a Ransomware-as-a-Service (RaaS) operation, uses a Rust-based ransomware to carry out targeted attacks on its victims. Each Qilin ransomware attack employs tactics such as altering the filename extensions of encrypted files and terminating specific processes and services. The utilization of Rust as the ransomware's foundation proves particularly effective due to its evasive nature and inherent complexity, allowing for seamless customization across various operating systems such as Windows, Linux, and others. Notably, the Qilin ransomware group can generate samples for both Windows and ESXi versions.

Qilin's Dark Web Promotions and Double Extortion Technique

Qilin promotes its ransomware on the dark web, utilizing a proprietary DLS (Dedicated Leak Site) that contains distinctive company identifiers and leaked account information, as uncovered by experts from Group-IB Threat Intelligence. The operators behind Qilin employ a double extortion technique whereby they not only encrypt a victim's sensitive data but also exfiltrate it. Subsequently, they demand payment for a decryptor and insist on the non-disclosure of stolen data even after the ransom has been paid.

Qilin ransomware features multiple encryption modes, all under the control of the operator.