Water Galura

Also known as: GOLD FEATHER

Overview

Water Galura are the operators of the Qilin Ransomware-as-a-Service (RaaS) who handle payload generation, ransom negotiations, and the publication of stolen data for Qilin affiliates recruited on Russian cybercrime forums. Water Galura have been active since at least 2022 and use a double extortion model in which they demand payment both for providing decryption keys and for refraining from publishing the stolen data to their leak site.

TTPs — 3 techniques across 2 tactics

Resource Development

Tools & malware (2)

Qilin · Tor

Reporting (2)