Qilin ransomware EDR killers + OT/healthcare surge
Key Questions
How does Qilin ransomware disable security tools?
Qilin disables over 300 EDR drivers using msimg32.dll to evade detection during attacks. This capability supports its targeting of VPN and OT environments.
Which organizations have been impacted by Qilin ransomware?
Qilin has hit ChipSoft (affecting 80% of Dutch hospitals), AppDirect, Minidoka, Genesis, and Eyguières Town Hall in France on May 22. Additional victims include minsa.com.mx.
What is the trend in Qilin ransomware activity?
Qilin shows a +389% year-over-year increase in ransomware attacks, with an ongoing wave targeting healthcare and operational technology. French municipal systems and Mexican entities have also been affected.
Qilin disables 300+ EDR drivers via msimg32.dll. Hits: ChipSoft (80% NL hospitals), AppDirect, Minidoka, Genesis + French town hall (May 22). +389% YoY ransomware; VPN/OT targets. Ongoing wave of attacks.
Sources (2)
Updated May 29, 2026