Qilin Ransomware Gang Introduces 'Call Lawyer' Feature to Intensify Victim Pressure
TL;DR
The Qilin ransomware group has introduced a “Call Lawyer” feature to pressure victims into paying ransoms. This new tactic, along with advanced tools and legal support, positions Qilin as a growing threat in the cybercrime landscape.
Introduction
The Qilin ransomware gang has escalated its operations by introducing a “Call Lawyer” feature, aimed at pressuring victims into paying ransoms. This development, reported by cybersecurity firm Cybereason, highlights Qilin’s aggressive tactics and its ambition to fill the void left by other cybercrime groups.
Qilin Ransomware: An Emerging Threat
The Qilin ransomware group, active since at least August 2022, gained significant attention in June 2024 for its attack on Synnovis, a UK governmental service provider for healthcare. The group employs “double extortion” tactics, where they steal and encrypt victims’ data, threatening to expose it unless a ransom is paid. Qilin operates on a Ransomware-as-a-Service (RaaS) model, providing affiliates with ransomware tools and infrastructure in exchange for a 15–20% share of the ransom payments.
New “Call Lawyer” Feature
Qilin’s latest innovation is the “Call Lawyer” feature, which offers legal consultation to affiliates during ransom negotiations. This tactic aims to intimidate victims by introducing legal risks, inflating potential damages, and enabling direct negotiations. The feature is part of Qilin’s broader strategy to offer a comprehensive cybercrime platform, including advanced tools, legal help, spam services, and massive data storage.
Advanced Capabilities
In addition to the “Call Lawyer” feature, Qilin has enhanced its capabilities with network propagation and a DDoS option introduced in April 2025. These upgrades make Qilin more adaptable and effective across various cyberattack scenarios. The group’s operational model, backed by legal support and advanced technology, positions it as a formidable player in the ransomware landscape.

Legal Support and Benefits
The “Call Lawyer” feature provides several benefits to Qilin’s affiliates, including:
- Advice on maximizing financial damage to non-compliant companies.
- Legal assessment of stolen data.
- Classification of violations according to applicable legal acts in different jurisdictions.
- Evaluation of potential damages, including lawsuits, legal costs, and reputational risks.
- Direct negotiations between the victim company and the lawyer.
Expert Insights
Cybersecurity experts emphasize the need for a proactive and well-rounded strategy to defend against sophisticated threats like Qilin ransomware. Measures such as strengthening user awareness, validating incident response, and hardening technical environments are crucial to building resilience and reducing exposure.
Conclusion
The Qilin ransomware group’s introduction of the “Call Lawyer” feature marks a significant escalation in its tactics. As Qilin continues to enhance its capabilities and expand its operations, organizations must remain vigilant and proactive in their cybersecurity measures to protect against this growing threat.
Additional Resources
For further insights, check out the following resources: