Agenda Ransomware Propagates To vCenters And ESXi Servers

The Agenda ransomware, known as Qilin and Water Galura, has been active since 2022, targeting victims globally, with the United States, Argentina, Australia, and Thailand being key targets according to leak site data. It has affected various industries, including finance, law, healthcare, construction, and technology. A new version of the malware utilizes Remote Monitoring and Management (RMM) tools and Cobalt Strike for deployment. It spreads via PsExec and SSH, and exploits vulnerable SYS drivers like YDark and Spyboy's Terminator for evasion. Additionally, it can print ransom notes on connected printers using PowerShell commands.