Qilin Ransomware Strikes Six Organizations Across Five Countries in Early June 2026
Between June 2–3, 2026, the Qilin ransomware group claimed six victims spanning five countries and multiple critical sectors. The targeted organizations included Nova Medical Products (US, healthcare and medical devices), Clinica Maitenes (Chile, healthcare), JNP ENG (South Korea, manufacturing and engineering), MarketJoy (US, consumer services), Eat Salad (Brazil, food and agriculture), and MEISA – Sines (Portugal, energy).
This latest batch aligns with Qilin’s established pattern of multi-sector, geographically dispersed attacks, reinforcing its status as one of the most active ransomware operations. Since its emergence in October 2022, the group has claimed 1,888 victims, leveraging a ransomware-as-a-service (RaaS) model with double-extortion tactics encrypting systems and threatening to leak stolen data unless ransom demands are met.
Among the victims, Nova Medical Products stands out due to the high-value data it holds, including patient records, clinical validation documents, and FDA regulatory submissions. Such information presents a dual extortion risk, violating HIPAA privacy laws while exposing proprietary regulatory data. Meanwhile, MEISA – Sines, an energy sector company based at Portugal’s Port of Sines a key European energy hub highlights Qilin’s targeting of critical infrastructure. Though no operational disruptions have been confirmed, the attack underscores the broader risks posed by ransomware in logistics-dependent industries.
The diversity of victims spanning healthcare, energy, manufacturing, and consumer services across North America, South America, Europe, and Asia-Pacific reflects Qilin’s affiliate-driven model. Independent operators select targets based on their own access and negotiation strategies, while the core group provides the encryption and leak infrastructure. This decentralized approach results in a seemingly random but highly effective victim distribution, with healthcare remaining a recurring focus due to its data sensitivity and operational vulnerabilities.
MarketJoy TPRM report: https://www.rankiteo.com/company/marketjoy-inc.
JNP ENG TPRM report: https://www.rankiteo.com/company/jnpeng
MEISA – Sines TPRM report: https://www.rankiteo.com/company/meisa
"id": "jnpmeimar1780490277",
"linkid": "jnpeng, meisa, marketjoy-inc.",
"type": "Ransomware",
"date": "6/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'Healthcare',
'location': 'US',
'name': 'Nova Medical Products',
'type': 'Healthcare and Medical Devices'},
{'industry': 'Healthcare',
'location': 'Chile',
'name': 'Clinica Maitenes',
'type': 'Healthcare'},
{'industry': 'Manufacturing',
'location': 'South Korea',
'name': 'JNP ENG',
'type': 'Manufacturing and Engineering'},
{'industry': 'Consumer Services',
'location': 'US',
'name': 'MarketJoy',
'type': 'Consumer Services'},
{'industry': 'Food and Agriculture',
'location': 'Brazil',
'name': 'Eat Salad',
'type': 'Food and Agriculture'},
{'industry': 'Energy',
'location': 'Portugal',
'name': 'MEISA – Sines',
'type': 'Energy'}],
'data_breach': {'data_encryption': True,
'data_exfiltration': True,
'personally_identifiable_information': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Patient records',
'Clinical validation documents',
'FDA regulatory submissions',
'Proprietary data']},
'date_detected': '2026-06-02',
'date_publicly_disclosed': '2026-06-03',
'description': 'Between June 2–3, 2026, the Qilin ransomware group claimed '
'six victims spanning five countries and multiple critical '
'sectors. The targeted organizations included Nova Medical '
'Products (US, healthcare and medical devices), Clinica '
'Maitenes (Chile, healthcare), JNP ENG (South Korea, '
'manufacturing and engineering), MarketJoy (US, consumer '
'services), Eat Salad (Brazil, food and agriculture), and '
'MEISA – Sines (Portugal, energy). The attack leveraged '
'double-extortion tactics, encrypting systems and threatening '
'to leak stolen data unless ransom demands were met.',
'impact': {'data_compromised': 'Patient records, clinical validation '
'documents, FDA regulatory submissions, '
'proprietary data',
'identity_theft_risk': 'High (patient records, PII)',
'legal_liabilities': 'HIPAA violations (Nova Medical Products)'},
'motivation': 'Financial gain (ransom), data extortion',
'ransomware': {'data_encryption': True,
'data_exfiltration': True,
'ransomware_strain': 'Qilin'},
'references': [{'date_accessed': '2026-06-03',
'source': 'Cyber Incident Description'}],
'regulatory_compliance': {'regulations_violated': ['HIPAA']},
'threat_actor': 'Qilin ransomware group',
'title': 'Qilin Ransomware Strikes Six Organizations Across Five Countries in '
'Early June 2026',
'type': 'Ransomware'}