Cloud Threat Landscape

Last Updated: April 3, 2025

Agenda operator

Aliases

Qilin, Water Galura

Tags
RansomOps
Attribution
💰Cybercrime
Incidents
Agenda Ransomware Targets ESXi and vCenter Servers
References
https://www.trendmicro.com/en_us/research/24/c/agenda-ransomware-propagates-to-vcenters-and-esxi-via-custom-pow.html
https://www.sentinelone.com/anthology/agenda-qilin/
Last edited
Oct 14, 2024 1:40 PM
Status
Finalized
Cloud-fluent
Targeted geography
Africa, Asia
Targeted industries
Healthcare/Medical, Education

Agenda ransomware, first identified in July 2022 and also known as Qilin, is written in Golang and has quickly gained notoriety for its versatility and the significant threat it poses, especially to large enterprises and high-value targets, including organizations in the healthcare and education sectors, primarily in Africa and Asia. Agenda distinguishes itself by supporting multiple encryption modes, all of which its operators can tailor to maximize damage and leverage in their double extortion scheme: demanding ransom not just for decrypting the affected files but also for withholding the release of stolen data. The ransomware infiltrates its targets through sophisticated phishing and spear-phishing campaigns, as well as by exploiting vulnerabilities in widely used applications and interfaces, such as Citrix and RDP, which underscores the importance of cybersecurity vigilance and robust defensive measures for organizations worldwide.