ctipilot.ch

Qilin / Agenda

actor · actor:qilin single-source

Qilin / Agenda — Rust-based ransomware-as-a-service; Q3 2025 German operational tempo tripled (GTIG); 23 Q1 2026 healthcare claims

Coverage timeline
3
first 2026-05-04 → last 2026-05-11
Entries
3
2 distinct days
Sources cited
2
2 hosts
Sections touched
2
weekly-annual-reports, weekly-long-running
Co-occurring entities
2
see Related entities below
2026-05-043 appearances2026-05-11

Story timeline

  1. 2026-05-11Qilin / Agenda RaaS — April 2026 lead at 15% of global ransomware activity, Germany 5% of global victims
    weekly-long-runningQilin / Agenda RaaS — April 2026 lead at 15% of global ransomware activity, Germany 5% of global victims
  2. 2026-05-11Check Point April 2026 ransomware analysis — Qilin leads at 15%, Germany at 5% of global victims
    weekly-annual-reportsCheck Point April 2026 ransomware analysis — Qilin leads at 15%, Germany at 5% of global victims
  3. 2026-05-04Qilin / Agenda RaaS — Die Linke confirms Q2 2026 German activity continuity
    weekly-long-runningQilin / Agenda RaaS — Die Linke confirms Q2 2026 German activity continuity

Where this entity is cited

  • weekly-long-running2
  • weekly-annual-reports1

Source distribution

  • blog.checkpoint.com1 (50%)
  • cloud.google.com1 (50%)

Related entities

Entries about Qilin / Agenda (3)

2026-05-11 · view entry permalink →

Qilin / Agenda RaaS — April 2026 lead at 15% of global ransomware activity, Germany 5% of global victims

notable synthesis discovered 2026-05-11 05:00 UTC single-source

W19 long-running record (item:qilin-agenda-raas-die-linke-confirms-q2-2026-german-activity) tracked Qilin's continued German activity. W20 status: Check Point's April 2026 report confirms Qilin leads all RaaS operators at 15% of 707 published attacks in April; Germany's share at 5% of global ransomware victims is the elevated-DACH-exposure data point (Qilin DLS German-victim count cited by W1 horizon research as approximately 65 as of 2026-05-16 — uncorroborated leak-site enumeration that should be treated as a lower bound); Die Linke (German political party) confirmed Qilin compromise in March 2026 (W19 carry-over); no new Swiss-specific victim named in window (Check Point Research).

ransomware organized-crime europe dach

2026-05-11 · view entry permalink →

Check Point April 2026 ransomware analysis — Qilin leads at 15%, Germany at 5% of global victims

notable annual-report discovered 2026-05-11 05:00 UTC single-source

Check Point's April 2026 monthly threat report (published early May 2026) confirms Qilin / Agenda leading all ransomware operators with 15% of 707 published attacks in April; Germany is the third-most-targeted country globally at 5.0% of victims (US 41.6%); Europe accounts for 27% of ransomware victims globally. Sector targeting in April 2026: Business Services (33.8%), healthcare, manufacturing. The Gentlemen — despite the May 4 backend breach — remained in the top-7 operators with 320+ victims (Check Point Research, 2026-05-08). The synthesis the dailies did not yet absorb: Germany's 5% share of global ransomware victims is materially elevated compared to the 2024–2025 baseline (~2–3%); the Qilin DLS lists 65 German victims total as of 2026-05-16 (Check Point blog, dataset reference). For Swiss defenders: CH-DE cross-border operations (Swiss subsidiaries in DE, German subsidiaries of Swiss parents) inherit the German exposure level; this is the empirical basis for a DACH-region threat-modelling premium on ransomware-readiness exercises.

ransomware organized-crime europe dach

2026-05-04 · view entry permalink →

Qilin / Agenda RaaS — Die Linke confirms Q2 2026 German activity continuity

notable synthesis discovered 2026-05-04 05:00 UTC single-source

Current state: GTIG's Europe data-leak landscape (§ 6) documented Qilin tripling Q3 2025 operational tempo in Germany; Die Linke (Germany federal political party) confirmed Qilin encryption with 1.5 TB exfiltrated (covered 2026-05-08), state DPA notified — Qilin German activity continues into 2026-Q2. No public-claim shift or victim-list expansion beyond Die Linke this week. Outstanding question: whether Qilin's targeting of political and civil-society organisations expands into other 2026 EU election cycles.

ransomware data-breach europe dach