Qilin Ransomware Hits UK Infrastructure Firm on365 in Major Cyber Attack

Incident Date:

August 16, 2024

Overview

Victim

on365

Attacker

Qilin

Location

Loughborough, United Kingdom

First Reported

August 16, 2024

Qilin Ransomware Group Targets on365 in Major Cyber Attack

On365, a UK-based provider of critical physical infrastructure and utility services, has been named as a victim by the Qilin ransomware group. The group has listed on365 on its dark web leak site, which is the group's claim of a breach and a signal that it intends to publish data it says it exfiltrated; the listing itself does not confirm what, if anything, was taken.

About on365

Established in 1984, on365 delivers support and technical services that cover the entire lifecycle of mission-critical equipment. The company focuses on energy-efficient solutions for environments such as server rooms, edge closets, branch offices, and data centers. As a Schneider Electric Elite Partner, on365 works closely with Schneider Electric to provide automation and digital solutions aimed at improving efficiency and sustainability.

Its client base spans public sector bodies, SMEs, and large enterprises, including NHS Trusts, universities, banks, and government organizations, many of them long-standing relationships. The company's support services include preventive maintenance, remote monitoring, and emergency response, all of which are critical to keeping mission-critical applications running. That remote-monitoring footprint across customer sites is what makes a compromise of a provider like this worth watching beyond the company itself.

Attack Overview

The Qilin ransomware group, also known as Agenda, is a Ransomware-as-a-Service (RaaS) operation believed to be Russian-speaking. Under the RaaS model the core group maintains the encryptor, the negotiation portal and the leak site, while affiliates carry out the intrusions and share the proceeds. The group relies on data exfiltration and double extortion to pressure victims into paying, and has been active against healthcare, automotive, and government targets among others.

In the case of on365, the leak-site listing suggests that sensitive data may have been exfiltrated. The initial access vector has not been disclosed. Ransomware intrusions in general most often begin with unpatched internet-facing services, compromised credentials on remote-access services that lack multi-factor authentication, or phishing, and flat networks with little segmentation let an intruder move laterally to backups and domain controllers; none of these has been confirmed for this incident.

Qilin Ransomware Group

Qilin takes its name from a mythical Chinese creature. It emerged in 2022 under the Agenda name before rebranding as Qilin, and its encryptor has been built for both Windows and Linux/VMware ESXi hosts, which lets affiliates encrypt virtual machine storage directly rather than each guest individually. Since then it has claimed victims across many sectors, causing significant disruptions.

Qilin's attack on on365 underscores the growing threat ransomware poses to critical infrastructure providers and, through them, to the customers whose equipment they maintain and monitor. Companies in this sector need to remain vigilant and adopt effective cybersecurity measures, in particular multi-factor authentication on all remote access, timely patching of internet-facing systems, network segmentation, and offline, tested backups.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.