qilin

Known ransomware group ACTIVE

Also known as: Agenda

Active · high-tempo

Qilin (also tracked as Agenda) is a ransomware-as-a-service operation active since 2022, written in Rust and Go for cross-platform encryption of Windows, Linux, and VMware ESXi systems. It runs a double-extortion model, leaking stolen data on its dark-web site when victims refuse to pay, and rose to prominence after high-impact attacks on healthcare and critical-services targets.

Total Claims

Critical

—

Records Claimed

Industries Hit

Active span: Apr 10, 2026 – Jun 8, 2026 · 83 organizations targeted

Active · high-tempo

Actor Threat Profile

Activity Timeline

Peak: Apr 2026 (51)

Apr 2026

LessMore

Jun 2026

Share this profile

Top Targeted Industries

Healthcare 14

Manufacturing 11

Business Services 9

Financial Services 8

Agriculture and Food Production 5

Consumer Services 5

Tradecraft & Infrastructure

Documented tools

14 / 55

MITRE tactics / techniques

Known leak sites

CredentialTheftDefenseEvasionDiscoveryEnumExfiltrationLOLBASNetworkingOffsecRMM-Tools

Full intelligence profile on ransomware.live →

Targeted Organizations

The Banyans Health and Wellness Kinetic Education Opera Comique Central Florida Cosmetic & Family Dentistry Nova Medical Products Trican MEISA - Sines Clinica Maitenes Dillon Family Medicine Providence Medical Group Mindpath College Health ExpoCredit Salter HealthCare Majlis Perbandaran Alor Gajah CLINICA AVELLANEDA MEDICAL CENTER PNSB Insurance Brokers Sdn Bhd B.Care Medical Center Australian College of Business Intelligence Brand X Hydrovac Services Spirit Medical Transport Domaine Des Tournels Lindabury Fogel Capital Management Laclinic-Montreux Panal Seguros S.A.Le Maire de QUIBERON Norcal Training Center LSM Lee North Star Signs Standard-Examiner Star Precision Armstrong George Cohen Will Ophthalmology Apothebeauty Jayeff Construction MES Hybrid Document Systems See's Candies The Switch Enterprises Zinkan & Barker Development Leone Film Group SpA Lifeline PCS A & A Building Material Exclusive Networks Inspira Longwood Engineering Company Muller Technology Buckley Powder Cahbo Produkter Chelten House First County FCU KEMBA Indianapolis Credit Union Leistritz Turbine Technology SanCor Travel Expert Woodfields Consultants Denso Flipo Group Grupo ABC Marc Cain Point Four EPoS Solutions Priests for Life Progressive Propane B to B Visions City of Napoleon, Ohio Clearview Intelligence Manulife Wealth The FAFS Avitrans Ferguson Timar Heartland Steel Products Industrial Carrocera Arbuciense Kolin Turkey PTS Office Systems Safety Engineering Laboratories Sea Air International Forwarders STERIMED HS Technology Group Clearwater Marine Aquarium Gruppo ICM SPA Limkon A Roettgers Chalmers & Kubeck Hofland SAAM Towage

qilin

Activity Timeline

Share this profile

Top Targeted Industries

Tradecraft & Infrastructure

Targeted Organizations

Claims by qilin

Ransomware Claim: The Banyans Health and Wellness

Ransomware Claim: Kinetic Education

Ransomware Claim: Opera Comique

Ransomware Claim: Central Florida Cosmetic & Family Dentistry

Ransomware Claim: Nova Medical Products

Ransomware Claim: Trican

Ransomware Claim: MEISA - Sines

Ransomware Claim: Clinica Maitenes

Ransomware Claim: Dillon Family Medicine

Ransomware Claim: Providence Medical Group

Ransomware Claim: Mindpath College Health

Ransomware Claim: ExpoCredit

Ransomware Claim: Salter HealthCare

Ransomware Claim: Majlis Perbandaran Alor Gajah

Ransomware Claim: CLINICA AVELLANEDA MEDICAL CENTER

Ransomware Claim: PNSB Insurance Brokers Sdn Bhd

Ransomware Claim: B.Care Medical Center

Ransomware Claim: Australian College of Business Intelligence

Ransomware Claim: Brand X Hydrovac Services

Ransomware Claim: Spirit Medical Transport

Ransomware Claim: Domaine Des Tournels

Ransomware Claim: Lindabury

Ransomware Claim: Fogel Capital Management

Ransomware Claim: Laclinic-Montreux

Ransomware Claim: Panal Seguros S.A.

Ransomware Claim: Le Maire de QUIBERON

Ransomware Claim: Norcal Training Center

Ransomware Claim: LSM Lee

Ransomware Claim: North Star Signs

Ransomware Claim: Standard-Examiner

Ransomware Claim: Star Precision

Ransomware Claim: Armstrong George Cohen Will Ophthalmology

Ransomware Claim: Apothebeauty

Ransomware Claim: Jayeff Construction

Ransomware Claim: MES Hybrid Document Systems

Ransomware Claim: See's Candies

Ransomware Claim: The Switch Enterprises

Ransomware Claim: Zinkan & Barker Development

Ransomware Claim: Leone Film Group SpA

Ransomware Claim: Lifeline PCS

Ransomware Claim: A & A Building Material

Ransomware Claim: Exclusive Networks

Ransomware Claim: Inspira

Ransomware Claim: Longwood Engineering Company

Ransomware Claim: ﻿﻿Muller Technology

Ransomware Claim: Buckley Powder

Ransomware Claim: Cahbo Produkter

Ransomware Claim: Chelten House

Ransomware Claim: First County FCU

Ransomware Claim: KEMBA Indianapolis Credit Union

Ransomware Claim: Leistritz Turbine Technology

Ransomware Claim: SanCor

Ransomware Claim: Travel Expert

Ransomware Claim: Woodfields Consultants

Ransomware Claim: Denso

Ransomware Claim: Flipo Group

Ransomware Claim: Grupo ABC

Ransomware Claim: Marc Cain

Ransomware Claim: Point Four EPoS Solutions

Ransomware Claim: Priests for Life

Ransomware Claim: Progressive Propane

Ransomware Claim: B to B Visions

Ransomware Claim: City of Napoleon, Ohio

Ransomware Claim: Clearview Intelligence

Ransomware Claim: Manulife Wealth

Ransomware Claim: The FAFS

Ransomware Claim: Avitrans

Ransomware Claim: Ferguson Timar

Ransomware Claim: Heartland Steel Products

Ransomware Claim: Industrial Carrocera Arbuciense

Ransomware Claim: Kolin Turkey

Ransomware Claim: PTS Office Systems

Ransomware Claim: Safety Engineering Laboratories

Ransomware Claim: Muller Technology