Qilin Ransomware Strikes Six Organizations Across Five Countries in Early June 2026 Between June 2–3, 2026, the Qilin ransomware group claimed six victims spanning five countries and multiple critical sectors. The targeted organizations included Nova Medical Products (US, healthcare and medical devices), Clinica Maitenes (Chile, healthcare), JNP ENG (South Korea, manufacturing and engineering), MarketJoy (US, consumer services), Eat Salad (Brazil, food and agriculture), and MEISA – Sines (Portugal, energy). This latest batch aligns with Qilin’s established pattern of multi-sector, geographically dispersed attacks, reinforcing its status as one of the most active ransomware operations. Since its emergence in October 2022, the group has claimed 1,888 victims, leveraging a ransomware-as-a-service (RaaS) model with double-extortion tactics encrypting systems and threatening to leak stolen data unless ransom demands are met. Among the victims, Nova Medical Products stands out due to the high-value data it holds, including patient records, clinical validation documents, and FDA regulatory submissions. Such information presents a dual extortion risk, violating HIPAA privacy laws while exposing proprietary regulatory data. Meanwhile, MEISA – Sines, an energy sector company based at Portugal’s Port of Sines a key European energy hub highlights Qilin’s targeting of critical infrastructure. Though no operational disruptions have been confirmed, the attack underscores the broader risks posed by ransomware in logistics-dependent industries. The diversity of victims spanning healthcare, energy, manufacturing, and consumer services across North America, South America, Europe, and Asia-Pacific reflects Qilin’s affiliate-driven model. Independent operators select targets based on their own access and negotiation strategies, while the core group provides the encryption and leak infrastructure. This decentralized approach results in a seemingly random but highly effective victim distribution, with healthcare remaining a recurring focus due to its data sensitivity and operational vulnerabilities.