Ransomware
New customizable Agenda ransomware examined
Share
Healthcare and education organizations in South Africa, Saudi Arabia, Indonesia, and Thailand are under attack from the new customizable Golang-based Agenda ransomware strain, The Hacker News reports.
Affiliates leveraging Agenda, which is being promoted by Qilin on the dark web, are being offered the capability to personalize binary payloads per victim, as well as decide on encryption extensions, terminable services and processes prior to encryption, and ransom notes, a Trend Micro study showed.
"Agenda can reboot systems in safe mode, attempts to stop many server-specific processes and services, and has multiple modes to run," said researchers.
The report also found that Agenda exploits impacted devices' "safe mode" functionality to evade detection, as well as abuses local account credentials for ransomware binary execution.
Attackers could also use Agenda to compromise an entire network along with its drivers, with one attack against a public Citrix server exploited to facilitate ransomware deployment in less than two days, according to researchers.
An In-Depth Guide to Ransomware
Get essential knowledge and practical strategies to protect your organization from ransomware attacks.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news