The Qilin ransomware group, known for its ransomware-as-a-service (RaaS) model, has recently unveiled a new feature called “Call Lawyer” on its affiliate panel, providing legal counsel to victims. This strategic move aims to apply additional pressure on companies to meet ransom demands while highlighting the cybercriminal group’s increasing prominence in the digital crime landscape.
According to Israeli cybersecurity firm Cybereason, the introduction of this feature marks a notable resurgence for Qilin as rival ransomware groups like LockBit and Black Cat face significant operational challenges. Qilin’s rapid growth is evident through data indicating that it was responsible for 72 victims in April 2025 alone, a figure that underscores its rising influence in the ransomware ecosystem.
In an analysis by Qualys, Qilin’s sophisticated infrastructure includes an array of services designed to enhance its operational capabilities, including legal guidance, advanced evasion features, and automated negotiation tools for affiliates. These developments have positioned Qilin not only as a ransomware operator but also as a comprehensive cybercrime service aimed at maximizing ransom payouts.
Moreover, the new capability of connecting victims with legal counsel is intended to further manipulate ransom negotiations. The psychological impact of having a lawyer involved in discussions could lead to increased payouts, as companies may seek to avoid potential legal ramifications stemming from data breaches. The evolution of Qilin’s services reflects a broader trend in the cybercrime milieu, where groups are continuously adapting to exploit vulnerabilities in corporate cybersecurity measures.