Critical Unverified

Priests for Life Ransomware Attack by Qilin (April 2026)

Unverified dark web claim. This report is based on a post observed on a dark web forum. Yazoul Security has not independently verified the authenticity of this claim.

Leak Site Screenshot

Leak site post claiming Priests for Life data breach

Screenshot captured at time of discovery. Image blurred to protect victim PII.

Claim Summary

On April 24, 2026, the ransomware group Qilin allegedly added the US-based pro-life ministry Priests for Life to its dark web leak site. The group claims to have exfiltrated data from the organization’s network, though no specific data samples, file listings, or volume details have been released. The attack date is listed as April 24, 2026. This claim has NOT been independently verified by Yazoul Security.

Threat Actor Profile

Qilin (also tracked as Agenda) is a ransomware-as-a-service (RaaS) operation first observed in 2022. The group is known for targeting organizations across multiple sectors, including healthcare, education, and government. According to available intelligence, Qilin has claimed 1,617 victims to date, indicating a high-volume operation.

The group’s known toolset includes:

  • Mimikatz: Credential dumping tool
  • EDRSandBlast: EDR evasion tool
  • PCHunter / PowerTool: Kernel-level process and driver manipulation
  • Nmap / Nping: Network scanning and reconnaissance
  • EasyUpload.io / MEGA: Exfiltration platforms

Qilin is known for double extortion tactics: encrypting systems while exfiltrating data, then threatening to publish stolen information unless a ransom is paid. The group has previously targeted VMware ESXi environments using custom PowerShell scripts, as documented by Trend Micro and Google Cloud threat intelligence.

Research references:

  • Secureworks tracks Qilin as “Gold Feather”
  • Trend Micro documented Agenda ransomware propagation to vCenter and ESXi
  • Google Cloud’s Threat Intelligence group (UNC3944) has analyzed Qilin’s SMS phishing and SIM swapping campaigns

Alleged Data Exposure

At this time, Qilin has not published any data samples, file listings, or specific details about the alleged breach. The data volume is listed as “Undisclosed.” This is unusual for Qilin, which typically releases at least a sample to pressure victims. The lack of evidence may indicate:

  • The claim is premature or exaggerated
  • Negotiations are ongoing
  • The group is attempting to apply pressure without actual access

Potential Impact

If the claim is verified, the potential impact on Priests for Life could include:

  • Donor data exposure: As a ministry, the organization likely maintains donor records, including names, contact information, and financial details
  • Internal communications: Sensitive emails, strategic documents, and operational plans
  • Reputational damage: Trust erosion among supporters and stakeholders
  • Regulatory consequences: Potential state and federal data breach notification requirements

The organization’s domain (priestsforlife.org) suggests a focus on pro-life advocacy, which could make any leaked data particularly sensitive.

What to Watch For

  • Official confirmation: Monitor Priests for Life’s website and official communications for any acknowledgment of a security incident
  • Data publication: Qilin may release data samples or full archives if ransom demands are not met
  • Secondary leaks: Stolen data could appear on other dark web forums or data leak sites
  • Phishing campaigns: Threat actors may use stolen contact information for targeted phishing against donors

Disclaimer

This report is based on unverified claims made by the ransomware group Qilin on their dark web leak site. Yazoul Security has NOT independently verified the alleged breach, data exfiltration, or any other claims made by the threat actor. Ransomware groups routinely exaggerate or fabricate claims to pressure victims into paying ransoms. Organizations should not take any action based solely on this intelligence without further verification. No data samples, download links, credentials, or access methods are provided in this report.
