New “Agenda” Ransomware Allows Attackers to Customize Payloads for Each Victim


Researchers from Trend Micro have uncovered Agenda, a new ransomware strain written in Golang that is used in the wild to target health and education facilities in Indonesia, Saudi Arabia, South Africa and Thailand.

A threat actor identified as Qilin is advertising the ransomware on the dark web. Qilin claims the ransomware offers affiliates the ability to customize the binary payloads for each victim.

This feature allows the operators to decide on the ransom note, the encryption extension and the list of processes and services that must be terminated before the encryption process begins.

The ransomware also has techniques for evading detection. It uses a device’s ‘safe mode’ feature to continue its file encryption undetected, but not before the user’s password is changed and automatic login is enabled.
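A defender can look for that combination on a single host within a short window. The sketch below is an added example, not code from the article or from Trend Micro; it assumes the behaviour surfaces as Windows Security events 4723/4724, a Sysmon registry event (ID 13) on the Winlogon `AutoAdminLogon` value, and a `bcdedit` process start that sets `safeboot`. The event layout, host names and log lines are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real telemetry), already normalised to dicts.
EVENTS = [
    {"ts": "2022-09-01T02:14:05", "host": "ws-17", "src": "Security", "id": 4724,
     "detail": "password reset for user jdoe"},
    {"ts": "2022-09-01T02:14:09", "host": "ws-17", "src": "Sysmon", "id": 13,
     "detail": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoAdminLogon = 1"},
    {"ts": "2022-09-01T02:14:30", "host": "ws-17", "src": "Sysmon", "id": 1,
     "detail": "bcdedit.exe /set {default} safeboot network"},
    # Benign look-alikes: a help-desk reset and a read-only bcdedit query.
    {"ts": "2022-09-01T09:00:00", "host": "ws-22", "src": "Security", "id": 4724,
     "detail": "password reset for user asmith"},
    {"ts": "2022-09-01T09:01:00", "host": "ws-22", "src": "Sysmon", "id": 1,
     "detail": "bcdedit.exe /enum"},
    # All three signals, but hours apart: outside the default window.
    {"ts": "2022-09-01T01:00:00", "host": "ws-30", "src": "Security", "id": 4723,
     "detail": "password change for user bkim"},
    {"ts": "2022-09-01T03:00:00", "host": "ws-30", "src": "Sysmon", "id": 13,
     "detail": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoAdminLogon = 1"},
    {"ts": "2022-09-01T06:00:00", "host": "ws-30", "src": "Sysmon", "id": 1,
     "detail": "bcdedit.exe /set {current} safeboot minimal"},
]
REQUIRED = {"password_change", "autologon_enabled", "safeboot_set"}

def classify(ev):
    """Map one event to a signal name, or None if it is not relevant."""
    d = ev["detail"].lower()
    if ev["src"] == "Security" and ev["id"] in (4723, 4724):  # password change / reset
        return "password_change"
    if ev["src"] == "Sysmon" and ev["id"] == 13 and "winlogon\\autoadminlogon = 1" in d:
        return "autologon_enabled"
    if ev["src"] == "Sysmon" and ev["id"] == 1 and "bcdedit" in d and "safeboot" in d:
        return "safeboot_set"
    return None

def detect(events, window=timedelta(minutes=10)):
    """Return sorted hosts where all three signals fall inside one time window."""
    per_host = {}
    for ev in events:
        sig = classify(ev)
        if sig:
            per_host.setdefault(ev["host"], []).append((datetime.fromisoformat(ev["ts"]), sig))
    alerts = []
    for host, hits in sorted(per_host.items()):
        hits.sort()
        # Slide a window starting at each hit and collect the signals inside it.
        if any({s for t, s in hits[i:] if t - start <= window} >= REQUIRED
               for i, (start, _) in enumerate(hits)):
            alerts.append(host)
    return alerts
```

No single one of these events is unusual on its own; the alert depends on all three appearing on the same host close together.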

Agenda also has a unique feature that makes it possible to infect an entire network and its shared drivers.

After successful encryption, Agenda renames the files with the configured extension, places the ransom note in each encrypted directory and restarts the computer in normal mode.

Although the ransom demanded by the attackers varies from company to company, it is estimated at US$50,000 to US$800,000.

The sources for this piece include an article in TheHackerNews.
