Jacob Santos

Threat Hunter, Researcher and Builder

Sr. Threat Researcher | Trend AI
17 Articles | 14 Threads | 10+ Tools | 10+ Talks

Agenda Ransomware Deploys Linux Variant on Windows Systems Through Remote Management Tools and BYOVD Techniques
Trend AI Research Blog Oct 2025

Tags: Ransomware, Cross-Platform, Defense Evasion

A sophisticated Agenda ransomware attack was identified deploying a Linux variant on Windows systems, achieving cross-platform execution that makes detection significantly more challenging for enterprises. The operators used remote management tools for initial deployment and BYOVD (Bring Your Own Vulnerable Driver) techniques to disable security products. Running Linux ransomware on Windows through compatibility layers or virtualization represents an innovative evasion strategy that bypasses Windows-focused endpoint detection. The research provides detection strategies for this cross-platform execution technique.