Qilin Ransomware Emerges as a Major Threat Targeting Windows, Linux, and ESXi Systems

Qilin ransomware has emerged as a formidable force, rapidly ascending to prominence amid the collapse of once-dominant groups like RansomHub and LockBit in 2025.

Active since October 2022, Qilin has solidified its position through a sophisticated Ransomware-as-a-Service (RaaS) model, offering affiliates advanced tools and infrastructure while claiming 15-20% of ransom payments.

Its ability to target Windows, Linux, and ESXi systems with custom-built malware written in Rust and C showcases a technical prowess that sets it apart.

A New Leader in the Ransomware Landscape

With over 100 organizations listed on its dark web leak site and ransom demands ranging from $50,000 to $800,000, Qilin is not just filling the void left by fallen ransomware giants but redefining the landscape with a full-service cybercrime platform.

Qilin’s technical capabilities are a testament to its threat level, as it deploys payloads with ...