In Q3 2025, Qilin ransomware claimed 271 posts on their public leak site.

In Q3 2025, Qilin ransomware accounted for approximately 18% of Beazley Security incident response cases.

In Q3 2025, Akira, Qilin, and INC Ransomware accounted for 65% of all ransomware cases investigated by Beazley Security.

Approximately 23% of all reported cases of Qilin ransomware affected the manufacturing sector.

In the second half of 2025, the Qilin ransomware group published victim information at a rate exceeding 40 cases per month.

The number of victims whose information was posted on the Qilin ransomware leak site peaked at 100 cases in June 2025.

Around 18% of Qilin ransomware cases impacted professional and scientific services.

About 10% of Qilin ransomware cases were related to wholesale trade.

In 2025, Cisco Talos reported multiple incidents related to Qilin ransomware.

Qilin was responsible for 242 undisclosed ransomware attacks in Q3 2025, representing 16% of all undisclosed ransomware attacks.

Qilin was responsible for 16% of ransomware cases in Q3 2025..

The Qilin group was responsible for 20 ransomware incidents in Q3 2025.

Qilin recorded 234 victims (organizations and individuals) in Q3 2025.

Qilin claimed 10 healthcare organizations as victims in Q3 2025.

IncRansom, SafePay, and Qilin together accounted for 30% of the 118 healthcare organizations that were victims in Q3 2025.

Qilin's 234 victims comprised 15% of the total ransomware victims (organizations and individuals) for Q3 2025.

One individual's death was directly tied to the Qilin ransomware attack on Synnovis in June 2024.

Qilin's victim count was 234 organizations and individuals.

Qilin's activity marks a 318% YoY increase.

The Qilin campaign claimed 29 financial organizations headquartered in the Republic of Korea as victims to their DLS in a mid-September Qilin campaign.