
He added that Agenda ransomware exploits Windows-centric assumptions, under-protected RMM tools, and neglected driver monitoring. Most organizations still underestimate how much control attackers gain once they compromise RMM agents and backup credentials. So, they should start with identity, RMM, hypervisors, and backups, as these control planes drive scale for attackers. Close cross-platform detection gaps and enforce kernel driver integrity to blunt BYOVD and lateral Linux/Windows execution paths.
Also, considering manufacturing, healthcare, and tech are deeply reliant on RMM and file-transfer tools, replacing them isn’t realistic. Instead, CIOs should consolidate to approved platforms, enforce JIT and session-based access, and segregate management traffic from production systems, noted Mehta.
Lastly, treat backups as a separate security domain with isolated networks, independent credentials, immutable copies, and continuous database monitoring for credential access. The key is to assume the backup controller itself could be compromised.
