Attack Overview
VICTIM
Bright Wires
INDUSTRY
Telecommunications
LOCATION
United Arab Emirates
ATTACKER
Qilin
FIRST REPORTED
March 6, 2024

Bright Wires Targeted by Qilin Ransomware Group

Bright Wires has allegedly been attacked by the Qilin ransomware group, although no details have been given. Bright Wires Company is the general marketing, products, and services representative of many international vendors in Saudi Arabia. It is recognized as the Kingdom's leading provider of telecommunication, enterprise information technology, and electrical solutions.

About Qilin Ransomware

Qilin (aka Agenda) is a RaaS operation that first emerged in July of 2022 that is written in the Go and Rust programming languages and is capable of targeting Windows and Linux systems. Rust is a secure, cross-platform programming language that offers exceptional performance for concurrent processing, making it easier to evade security controls and develop variants to target multiple OSs.

Qilin operators are known to exploit vulnerable applications including Remote Desktop Protocol (RDP). Each Qilin ransomware attack employs tactics such as altering the filename extensions of encrypted files and terminating specific processes and services. The utilization of Rust as the ransomware's foundation proves particularly effective due to its evasive nature and inherent complexity, allowing for seamless customization across various operating systems such as Windows, Linux, and others.

Notably, the Qilin ransomware group can generate samples for both Windows and ESXi versions. Qilin promotes its ransomware on the dark web, utilizing a proprietary DLS (Dedicated Leak Site) that contains distinctive company identifiers and leaked account information, as uncovered by experts from Group-IB Threat Intelligence.

Double Extortion Technique

The operators behind Qilin employ a double extortion technique, whereby they not only encrypt a victim's sensitive data but also exfiltrate it. Subsequently, they demand payment for a decryptor and insist on the non-disclosure of stolen data even after the ransom has been paid. Qilin ransomware features multiple encryption modes, all under the control of the operator.

See Halcyon in action

Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!

1
2
3
Let's get started
1
1
2
3
1
1
2
2
3
Back
Next
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.