{"id":224188,"date":"2025-10-29T09:15:46","date_gmt":"2025-10-29T14:15:46","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2025\/10\/qilin-ransomware-abuses-wsl-to-run-linux-encryptors-in-windows"},"modified":"2025-10-29T09:15:46","modified_gmt":"2025-10-29T14:15:46","slug":"qilin-ransomware-abuses-wsl-to-run-linux-encryptors-in-windows","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2025\/10\/qilin-ransomware-abuses-wsl-to-run-linux-encryptors-in-windows","title":{"rendered":"Qilin ransomware abuses WSL to run Linux encryptors in Windows"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/qilin-ransomware-abuses-wsl-to-run-linux-encryptors-in-windows.jpg\"><\/a><\/p>\n<p>The Qilin ransomware operation was spotted executing Linux encryptors in Windows using Windows Subsystem for Linux (WSL) to evade detection by traditional security tools.<\/p>\n<p>The ransomware first launched as \u201cAgenda\u201d in August 2022, rebranding to Qilin by September and continuing to operate under that name to this day.<\/p>\n<p>Qilin has become one of the most active ransomware operations, with new research from <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/25\/j\/agenda-ransomware-deploys-linux-variant-on-windows-systems.html\" target=\"_blank\" rel=\"nofollow noopener\">Trend Micro<\/a> and <a href=\"https:\/\/blog.talosintelligence.com\/uncovering-qilin-attack-methods-exposed-through-multiple-cases\/\" target=\"_blank\" rel=\"nofollow noopener\">Cisco Talos<\/a> stating that the cybercrime gang has attacked more than 700 victims across 62 countries this year.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Qilin ransomware operation was spotted executing Linux encryptors in Windows using Windows Subsystem for Linux (WSL) to evade detection by traditional security tools. The ransomware first launched as \u201cAgenda\u201d in August 2022, rebranding to Qilin by September and continuing to operate under that name to this day. Qilin has become one of the most [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34],"tags":[],"class_list":["post-224188","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/224188","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=224188"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/224188\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=224188"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=224188"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=224188"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}