Qilin, Water Galura
Agenda ransomware, first identified in July 2022 and also known as Qilin, is a malicious software written in Golang that has quickly gained notoriety for its versatility and the significant threat it poses, especially to large enterprises and high-value targets, including organizations within the healthcare and education sectors primarily in Africa and Asia. Agenda distinguishes itself by supporting multiple encryption modes, all of which can be tailored by its operators to maximize damage and leverage during their double extortion scheme—demanding ransom not just for decrypting the affected files but also for withholding the release of stolen data. This pernicious ransomware infiltrates its targets through sophisticated phishing and spear-phishing campaigns, as well as by exploiting vulnerabilities in widely used applications and interfaces, such as Citrix and RDP, laying bare the critical importance of cybersecurity vigilance and robust defensive measures for organizations worldwide.