**Qilin ransomware targets Faulkner County Sheriff's Office + Die Linke** [developing]
Key Questions
What is the Qilin ransomware attack on Faulkner County Sheriff's Office?
Qilin targeted the Faulkner County Sheriff's Office on April 3, using EDR killer TTPs involving msimg32.dll, over 300 drivers, and ETW evasion. This is part of a government ransomware surge including WorldLeaks and Minot. DeXpose has released IOCs.
How was the German political party Die Linke affected?
Die Linke servers were hit by ransomware on March 27. This follows the Faulkner County attack and fits a pattern of targeting government entities. Details are emerging on dark web forums.
What tactics did Qilin use in these attacks?
Qilin employed advanced EDR evasion techniques, including msimg32.dll injection, over 300 drivers, and ETW disabling. These TTPs were used against US law enforcement on April 3. IOCs are available from DeXpose.
What is the broader context of government ransomware surges?
There is a surge in ransomware against governments, including WorldLeaks, Minot, and healthcare targets alongside Faulkner and Die Linke. Qilin is a key actor in this trend. Monitoring continues on the dark web.
Where can more details on the Qilin attacks be found?
DeXpose reported on the Faulkner County Sheriff's Office attack with IOCs. Cybercrime Wire provides updates for April 4-5. The Die Linke attack is covered by DigitalShield.
Apr 3: US law enforcement hit; EDR killer TTPs (msimg32.dll, 300+ drivers, ETW). Die Linke servers (Mar 27): internal/employee data exfil (members spared), authorities notified. Gov ransomware surge.