Qilin Ransomware Group Claims Breach of Chemical Giant Dow Inc.

The Qilin ransomware group has claimed responsibility for a breach of Dow Inc., one of the world's largest chemical manufacturers, according to a report by Security Affairs published Tuesday. Dow is a Fortune 50 company with approximately $45 billion in annual revenue and operations spanning more than 30 countries. A confirmed intrusion would rank among the most significant ransomware incidents targeting U.S. industrial companies in recent years. Qilin, also tracked as Agenda, is a ransomware-as-a-service operation that has been active since 2022 and has claimed attacks on organizations in healthcare, education, critical infrastructure, and manufacturing. The group typically exfiltrates data before deploying file-encrypting ransomware, threatening to publish stolen material on its dark web leak site if victims do not pay. The claim has not been independently verified or confirmed by Dow at time of publication. Ransomware groups sometimes post unverified or exaggerated claims to pressure potential victims into negotiating, making initial reports require corroboration. Dow had not issued a public statement acknowledging any incident. Manufacturing and chemical companies have become increasingly prominent ransomware targets given their operational technology environments, which often include industrial control systems that cannot be easily patched and where disruption carries safety as well as financial consequences. Qilin gained broader attention in 2024 following an attack on Synnovis, a UK pathology services provider, that disrupted blood transfusion services at major London hospitals and forced the postponement of thousands of medical procedures. The group was also linked to attacks on several Australian organizations. Dow did not respond to Security Affairs' request for comment at time of publication.