Resecurity has published a new report, “Qilin Ransomware and the Ghost Bulletproof Hosting Conglomerate.” Here is the introduction:
The following Resecurity report will explore the Qilin ransomware-as-a-service (RaaS) operation’s reliance on bullet-proof-hosting (BPH) infrastructures, with an emphasis on a network of rogue providers based in different parts of the world. Qilin is one of the most prolific and formidable threat groups extorting organizations today. Most notably, they recently claimed responsibility for the September ransomware attack that crippled operations and manufacturing functions at Japanese brewing conglomerate, Asahi Group Holdings, for nearly two weeks.
Qilin’s use of prominent BPH providers highlights the latter’s role as critical infrastructure for cybercriminal operators. Rogue BPH services enable their clients to host content with minimal or no oversight. Frequently incorporated in pro-secrecy jurisdictions and structured across complex webs of anonymous and geographically distributed shell companies, BPH services are designed to be resilient to abuse complaints and even law enforcement intervention.
These malign infrastructures, and the pro-corporate secrecy regimes that shield them, enable destructive ransomware campaigns and other malicious cybercriminal operations to persist undisturbed for prolonged durations.
Read more at Resecurity.