Ransomware Agenda

A new ransomware makes its appearance in the cyber world, the Agenda ransomware. Researchers have detected worrying moves on the part of this new group. In a short period of time they have already orchestrated several attacks targeting organizations in Asia and Africa.

The Agenda ransomware was developed in the Go programming language. A language widely used by hackers to develop malware.

The name Agenda comes from a post by a Dark Web user named ”Qilin” who is probably part of the ransomware distributors.

The group behind the Agenda ransomware executes well-targeted attacks on studied victim companies. In each invasion, the operating mode is very customized. In this way the Agenda ransomware is able to deeply damage company systems.

The ransomware is able to reboot systems into Windows safe mode and disrupts running server processes and services.

In an investigation into the group’s previous attack, researchers discovered that the group behind the Agenda ransomware used a Citrix server as an entry point into the victim’s environment.

Using leaked identities, the threat actors gained access to Active Directory via RDP and then scanned the network using the scanning tools Nmap.exe and Nping.exe.

With these strategies, the Agenda ransomware infected data from healthcare and education organizations in Indonesia, Thailand, Saudi Arabia, and South Africa.

Its ransom demands are relatively high and can range from $50,000 to $800,000.

Of course, an attack of this magnitude can turn many companies or organizations upside down. And at such times it is crucial to have competent professionals that can turn the situation around.

Recovering files encrypted by ransomware Agenda

Digital Recovery has been in the data recovery market for over 23 years. In that time we have managed to build a solid team of experts who act to recover data encrypted by ransomware.

We have developed unique solutions to recover encrypted files on almost all types of storage devices, such as servers, databases, virtual machines, RAID systems, and others.

All these solutions can be executed remotely and deployed quickly and securely to any company or organization worldwide.

We rely on confidentiality in our services because we understand the importance of guaranteed anonymity for our own customers. Also provide a confidentiality agreement (NDA).

We can start the recovery process immediately, just contact us and request an advanced diagnostic.

We are always online

Please fill out the form, or select your preferred contact method. We will contact you to start recovering your files.

Latest insights from our experts

Khonsari Ransomware

Khonsari Ransomware

The Khonsari ransomware was the first group to exploit known Apache Log4j vulnerabilities (CVE-2021-44228 and CVE-2021-45046), the group has focused its attacks on Windows servers that

Recuperar Ransomware Makop

Makop Ransomware

Makop ransomware has been expanding through its affiliate program, RaaS (Ransomware as a Service), a tactic that aims to seek partners to carry out attacks


Through unique technologies Digital Recovery can bring back encrypted data on any storage device, offering remote solutions anywhere in the world.