Agenda Ransomware

A new ransomware makes its appearance in the cyber world, the Agenda ransomware. Researchers have detected worrying moves on the part of this new group. In a short period of time, they have already orchestrated several attacks targeting organizations in Asia and Africa.

The Agenda ransomware was developed in the Go programming language. A language widely used by hackers to develop malware.

The name Agenda comes from a post by a Dark Web user named ”Qilin” who is likely part of the ransomware distributors.

The group behind the Agenda ransomware executes well-targeted attacks on studied victim companies. In each invasion, the mode of operation is very customized. That way, the Agenda ransomware is able to deeply damage company systems.

The ransomware can reboot systems into Windows safe mode and disrupt running server processes and services.

In an investigation into the group’s previous attack, researchers found that the group behind the Agenda ransomware used a Citrix server as an entry point into the victim’s environment.

Using leaked identities, the threat actors gained access to Active Directory via RDP and then scanned the network using the Nmap.exe and Nping.exe scanning tools.

With these strategies, the Agenda ransomware infected data from healthcare and education organisations in Indonesia, Thailand, Saudi Arabia and South Africa.

Its ransom demands are relatively high and can range from $50,000 to $800,000.

Of course, an attack of this magnitude can turn many businesses or organisations upside down. And at such times it is crucial to have competent professionals who can turn the situation around.

Recovering files encrypted by Agenda ransomware

Digital Recovery has been in the data recovery market for over 23 years. In that time we have managed to build a solid team of experts who act to recover data encrypted by ransomware.

We have developed unique solutions to recover encrypted files on almost all types of storage devices, such as servers, databases, virtual machines, RAID systems and others.

All these solutions can be executed remotely and deployed quickly and securely in any company or organisation worldwide.

We rely on confidentiality in our services because we understand the importance of guaranteed anonymity for our own customers. To achieve this we base our solutions on the General Data Protection Regulation (GDPR) as well as providing a confidentiality agreement (NDA).

We can start the recovery process immediately, just contact us and request an advanced diagnosis.

We are
always online

Please fill out the form, or select your preferred contact method. We will contact you to start recovering your files.

Latest insights from our experts

Khonsari Ransomware

Khonsari Ransomware

The Khonsari ransomware was the first group to exploit known Apache Log4j vulnerabilities (CVE-2021-44228 and CVE-2021-45046), the group has focused its attacks on Windows servers that

Récupérer le Ransomware Makop

Makop Ransomware

The Makop ransomware has grown through its affiliate programme, RaaS (Ransomware as a Service), a tactic that aims to find partners to carry out attacks


Through unique technologies Digital Recovery can bring back encrypted data on any storage device, offering remote solutions anywhere in the world.