The U.S. Department of Health and Human Services has documented significant financial losses due to Qilin ransomware attacks, with incidents causing damages ranging from $6 million to $40 million. These attacks primarily targeted healthcare and government agencies, causing severe disruptions and financial strain. The ransomware's sophisticated encryption techniques and evasion tactics have made it a formidable threat, leading to substantial financial and operational impacts.
Source: https://cybersecuritynews.com/qilin-ransomware-emergence/
TPRM report: https://scoringcyber.rankiteo.com/company/hhsgov
{
  "id": "hhs821061925",
  "linkid": "hhsgov",
  "type": "Ransomware",
  "date": "6/2025",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization's existence"
}
{'affected_entities': [{'industry': ['Healthcare',
'Government agencies',
'Manufacturing',
'Legal',
'Professional services',
'Financial services']}],
'attack_vector': ['Spearphishing campaigns',
'Remote Monitoring & Management software exploitation',
'Multifactor authentication bombing',
'SIM swapping techniques'],
'data_breach': {'data_encryption': ['AES-256-CTR', 'OAEP', 'ChaCha20']},
'description': 'Qilin ransomware has rapidly ascended to become the world’s '
'most prevalent ransomware threat, accumulating over $50 '
'million in ransom payments throughout 2024 alone. Originally '
'developed as ‘Agent’ in 2022 and later recoded in the Rust '
'programming language, this sophisticated malware has evolved '
'into a formidable weapon targeting critical infrastructure '
'across more than 25 countries.',
'impact': {'financial_loss': ['$6 million to $40 million per incident'],
'systems_affected': ['VMware ESXi infrastructure',
'critical infrastructure']},
'initial_access_broker': {'entry_point': ['Spearphishing campaigns',
'Remote Monitoring & Management '
'software exploitation',
'Multifactor authentication bombing',
'SIM swapping techniques'],
'high_value_targets': ['Manufacturing',
'Legal',
'Professional services',
'Financial services']},
'motivation': 'Financial gain',
'ransomware': {'data_encryption': ['AES-256-CTR', 'OAEP', 'ChaCha20'],
'ransom_paid': ['Over $50 million in 2024'],
'ransomware_strain': 'Qilin'},
'recommendations': ['Immutable backup strategies targeting Windows Volume '
'Shadow Copy Service (VSS) deletion attempts',
'Zero Trust Architecture with network segmentation',
'Prioritize vulnerability patch management for '
'network-facing systems',
'Deploy multi-layered antivirus solutions',
'Conduct regular tabletop exercises focused on ransomware '
'scenarios'],
'references': [{'source': 'FBI'},
{'source': 'U.S. Department of Health and Human Services'},
{'source': 'Qualys'},
{'source': 'ANY.RUN'}],
'threat_actor': ['Scattered Spiders', 'entities associated with North Korea'],
'title': 'Qilin Ransomware Attacks',
'type': 'Ransomware',
'vulnerability_exploited': 'CVE-2023-27532'}