
posted by mrpg on Monday November 03, @03:10PM
from the windows-sans-linux dept.

Qilin ransomware abuses WSL to run Linux encryptors in Windows
https://archive.ph/lhpiX

The Qilin ransomware operation was spotted executing Linux encryptors in Windows using Windows Subsystem for Linux (WSL) to evade detection by traditional security tools.

The ransomware first launched as "Agenda" in August 2022, rebranding to Qilin by September and continuing to operate under that name to this day.

Qilin has become one of the most active ransomware operations, with new research from Trend Micro and Cisco Talos stating that the cybercrime gang has attacked more than 700 victims across 62 countries this year.

Both firms say the group has become one of the most active ransomware threats worldwide, publishing over 40 new victims per month in the second half of 2025.

Both cybersecurity firms report that Qilin affiliates use a mix of legitimate programs and remote management tools to breach networks and steal credentials, including applications such as AnyDesk, ScreenConnect, and Splashtop for remote access, and Cyberduck and WinRAR for data theft.

The threat actors also use common built-in Windows utilities, such as Microsoft Paint (mspaint.exe) and Notepad (notepad.exe), to inspect documents for sensitive data before stealing them.

[...] "After gaining access, the attackers enabled or installed WSL using scripts or command-line tools, then deployed the Linux ransomware payload within that environment. This gave them the ability to execute a Linux-based encryptor directly on a Windows host while avoiding many defenses that are focused on detecting traditional Windows malware."
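The quoted report describes two steps a defender can look for on the host itself: the WSL feature being switched on, and a Linux launcher being started from Windows. The triage routine below is an added illustration (not code from the article, BleepingComputer, Trend Micro or Talos) that runs over process-creation records shaped like Windows Security 4688 / Sysmon Event ID 1 entries; the sample events, host names and the baseline of hosts expected to run WSL are all constructed.

```python
import ntpath
import re

# Constructed process-creation records (4688 / Sysmon 1 style fields);
# sample data only, not telemetry from the incidents in the article.
SAMPLE_EVENTS = [
    {"host": "ws-017", "user": r"CORP\jdoe", "image": r"C:\Windows\System32\dism.exe",
     "cmdline": "dism.exe /online /enable-feature /featurename:Microsoft-Windows-Subsystem-Linux /norestart"},
    {"host": "ws-017", "user": r"CORP\jdoe", "image": r"C:\Windows\System32\wsl.exe",
     "cmdline": "wsl.exe -d Ubuntu -- /tmp/payload"},
    {"host": "dev-042", "user": r"CORP\build", "image": r"C:\Windows\System32\wsl.exe",
     "cmdline": "wsl.exe -d Ubuntu -- make -j8"},
    {"host": "ws-017", "user": r"CORP\jdoe", "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": r"notepad.exe C:\Users\jdoe\Documents\contracts.txt"},
]

# Command lines that enable the WSL optional feature: DISM, the PowerShell
# cmdlet, or the newer `wsl --install` one-liner. Matching is case-insensitive.
ENABLE_PATTERNS = [
    re.compile(r"enable-feature.*Microsoft-Windows-Subsystem-Linux", re.I),
    re.compile(r"Enable-WindowsOptionalFeature.*Microsoft-Windows-Subsystem-Linux", re.I),
    re.compile(r"\bwsl(\.exe)?\s+--install\b", re.I),
]

# Launchers that hand execution to a Linux distribution on the Windows host.
WSL_IMAGES = {"wsl.exe", "bash.exe"}


def triage(events, wsl_expected_hosts):
    """Return the events worth an analyst's look, in input order.

    wsl_expected_hosts is an assumed baseline of machines where WSL is part
    of the normal workload (developer boxes). Feature enablement is flagged
    on every host; wsl.exe launches only on hosts outside the baseline.
    """
    hits = []
    for ev in events:
        cmd = ev.get("cmdline", "")
        image = ntpath.basename(ev.get("image", "")).lower()  # handles Windows paths on any OS
        if any(p.search(cmd) for p in ENABLE_PATTERNS):
            hits.append({**ev, "reason": "wsl-feature-enabled"})
        elif image in WSL_IMAGES and ev["host"] not in wsl_expected_hosts:
            hits.append({**ev, "reason": "wsl-exec-on-unexpected-host"})
    return hits


if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS, {"dev-042"}):
        print(f"{hit['host']:8} {hit['reason']:28} {hit['cmdline']}")
```

Feeding real 4688 or Sysmon exports into `triage` only requires mapping the host, image and command-line fields; the baseline set is what keeps developer machines from generating noise.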

  • (Score: 3, Funny) by crm114 (8238) on Monday November 03, @06:07PM (#1423252)

    <sarcasm>
    https://www.theregister.com/2001/06/02/ballmer_linux_is_a_cancer/

    According to cancer.gov, "Cancer is a disease in which some of the body’s cells grow uncontrollably and spread to other parts of the body. "

    WSL going out of control to corrupt the host OS?

    Maybe he was being prophetic.
    </sarcasm>

  • (Score: 2) by PiMuNu (3823) on Wednesday November 05, @07:50AM (#1423374)

    > Linux-based encryptor directly on a Windows host while avoiding many defenses

    Now we see the truth - PowerShell isn't a piece of sh*t, it's a "defense against malware"
