Agenda Ransomware Propagates To vCenters And ESXi Servers
The Agenda ransomware known as Qilin and Water Galura has been active since 2022 targeting victims globally with the United States Argentina Australia and Thailand being key targets according to leak site data. It has affected various industries including finance law healthcare construction and technology. A new version of the malware utilizes Remote Monitoring and Management (RMM) tools and Cobalt Strike for deployment. It spreads via PsExec SSH and exploits vulnerable SYS drivers like YDark and Spyboys Terminator for evasion. Additionally it can print ransom notes on connected printers using PowerShell commands.