Agenda Ransomware Hits 591 Victims Worldwide Using Cross-Platform Attack Strategy

Agenda ransomware infects 591 victims globally, exploiting remote tools and targeting backup systems, with U.S. leading in attacks.

By Content Team

Oct 26, 2025

ON THIS PAGE

Share

---

ON THIS PAGE

Want more insights like this?

Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.

By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.

The Agenda ransomware group (also called Qilin) has infected 591 victims across 58 countries since January 2025, with the U.S. leading at 295 incidents. Trend Micro researchers discovered the group's sophisticated approach: deploying Linux ransomware on Windows systems while exploiting legitimate remote access tools to avoid detection.

The attackers use fake Google CAPTCHA pages to steal credentials, then target backup systems like Veeam to harvest more passwords and disable recovery options. Manufacturing (92 incidents), technology (68), and healthcare (61) sectors face the heaviest attacks.

This cross-platform strategy bypasses traditional Windows-focused security tools, making detection extremely difficult. Organizations using remote access platforms or hybrid Windows/Linux environments face the highest risk.

Source: Industrial Cyber

Share this article

Have questions about protecting your software?

Our escrow experts are standing by to help.

Book a free demo

YOU MAY ALSO LIKE

Hackers Actively Exploiting Critical WatchGuard Firewall Zero-Day

Dec 23, 2025

Cybercriminals Launch Sophisticated Phishing Attack Targeting LastPass Users

Jan 22, 2026

Tech-Savvy Zillennial Falls for Banking Scam Despite Cybersecurity Training

Feb 2, 2026

ICO Says Sultana's Unauthorised Party Launch May Be Criminal Matter for Police

Jan 10, 2026