Ransomware Group

Agenda

Also known as: Qilin variant

Status: active • First seen 2022-08 • 75+ known victims

Agenda restarts computers into Safe Mode where security software does not run, then encrypts all the files. They have versions for both Windows and Linux.

Overview

Agenda ransomware has variants written in both Go and Rust. The group abuses Windows Safe Mode to evade security software during encryption.

Target Industries

Healthcare, Manufacturing, Education, Technology

How They Attack

  • Go and Rust variants
  • Safe mode abuse
  • VMware targeting
  • Multi-language payloads

Notable Victims

Indonesian companies (2022), Healthcare providers

How to Protect Against Agenda

  1. Protect Safe Mode with passwords
  2. Monitor for multi-language malware
  3. Deploy VMware security controls

MITRE ATT&CK Techniques

T1486, T1562, T1059, T1078

Related Groups

Qilin
