Qilin Group Ransomware Attack on Beloin & Brown, LLC

Incident Date: May 11, 2024


Overview

Title: Qilin Group Ransomware Attack on Beloin & Brown, LLC

Victim: Beloin & Brown, LLC

Attacker: Qilin

Location: Atlanta, USA; Georgia, USA

First Reported: May 11, 2024

Ransomware Attack on Beloin & Brown, LLC by Qilin Group

Victim Profile

Beloin & Brown, LLC is a law firm based in Atlanta, Georgia, specializing in various areas of law including real estate, property tax, title litigation, professional malpractice, business litigation, business law, construction law, and bankruptcy law. The firm was founded by attorneys Frederic S. Beloin, Michael Welch, and Walter P. Walker in 1997. They represent notable clients in the industry and are located at 2550 Heritage Court, Suite 200, Atlanta, GA 30339.

Attack Details and Vulnerabilities

Beloin & Brown, LLC has reportedly fallen victim to a ransomware attack by the Qilin group. The attackers managed to exfiltrate 300 GB of sensitive data, including personnel records, contracts, and financial reports.

The firm's exposure to threat actors may stem from the sensitive nature of the legal information it handles, including client data and financial records. Additionally, the firm's website and network security measures may have been exploited by the Qilin group to gain unauthorized access to its systems.

Qilin Ransomware Group

The Qilin ransomware group, also known as Agenda, is a prominent ransomware-as-a-service (RaaS) group that emerged in 2022. It targets critical infrastructure organizations worldwide, using a double extortion technique in which it encrypts data and threatens to release it if a ransom is not paid. Qilin ransomware is highly customizable and written in the Rust and Go programming languages, making it difficult to detect and decrypt.

The group uses phishing emails containing malicious links to target victims, then moves laterally across their infrastructure to encrypt essential data. It has targeted organizations in various countries and pays out a significant portion of its earnings to affiliates, making it a notable threat in the cybersecurity landscape.
