Faith Under Fire: Qilin Ransomware Hits Canvas Church in Latest Cyber Siege
Cybercriminal group Qilin claims responsibility for a high-profile ransomware attack on Canvas Church, spotlighting the growing vulnerability of faith-based organizations.
Fast Facts
- Canvas Church was listed as a victim by the Qilin ransomware group on December 6, 2025.
- The attack was first discovered and reported by ransomware.live, a watchdog tracking cyber extortion incidents.
- Qilin is a notorious ransomware gang known for targeting diverse sectors, including healthcare, education, and now, religious institutions.
- No sensitive data from Canvas Church has been publicly released, but the threat of exposure looms.
- Faith-based organizations are increasingly being targeted due to limited cybersecurity resources.
Sanctuaries Become Cyber Battlegrounds
On a chilly December morning, the digital peace of Canvas Church was shattered. Qilin, a well-known ransomware group, boasted about their breach - publicly naming the church as their latest conquest. The announcement, discovered by the vigilant eyes at ransomware.live, sent shockwaves through both the congregation and the wider community of faith-based organizations.
This is not an isolated incident. In recent years, cybercriminals have shifted their focus from the traditional targets of banks and corporations to less-defended institutions - schools, hospitals, and now, houses of worship. The logic is chillingly simple: these organizations often lack robust IT defenses, making them easy prey for digital pirates like Qilin.
Who is Qilin?
Named after a mythical creature, Qilin is anything but benevolent. The group has built a reputation in the cyber underground for its aggressive double-extortion tactics - encrypting a victim’s files and then threatening to release sensitive data unless a ransom is paid. Their operations are slick, leveraging dark web leak sites and public shaming to pressure victims into compliance.
Security researchers have linked Qilin to attacks across multiple continents, with targets ranging from medical networks in Europe to educational bodies in North America. The group’s willingness to target even churches underscores a disturbing trend: nothing is sacred in the world of cyber extortion.
The Bigger Picture: Faith-Based Groups in the Crosshairs
Why would hackers go after a church? The answer lies in both opportunity and leverage. Faith-based organizations often store personal data on members, donations, and sensitive communications - information that, if leaked, could have devastating social and reputational consequences. Moreover, their limited budgets for cybersecurity make them soft targets.
Earlier this year, several mosques and synagogues faced similar threats, according to a report by the CyberPeace Institute. The pattern is clear: as cybercriminals look for fresh targets, houses of worship are increasingly in the crosshairs.
While ransomware.live’s disclaimer clarifies that no stolen content is hosted or shared, the mere act of being listed by Qilin can cause fear and uncertainty. The psychological toll on congregations and clergy is real - and growing.
WIKICROOK
- Ransomware: Ransomware is malicious software that encrypts or locks data, demanding payment from victims to restore access to their files or systems.
- Double extortion: Double extortion is a cyberattack where criminals both encrypt and steal data, threatening to leak it unless the victim pays a ransom.
- Dark web: The Dark Web is the hidden part of the Internet, accessible only with special software, where illegal activities often take place and anonymity is guaranteed.
- DNS Records: DNS records are digital instructions that direct internet traffic to the right servers, ensuring websites and services are accessible and secure.
- Leak site: A leak site is a website where cybercriminals post or threaten to post stolen data to pressure victims into paying a ransom.