Windows Security
Qilin ransomware uses WSL to run Linux encryptors on Windows
The Qilin ransomware group has been observed exploiting the Windows Subsystem for Linux (WSL) to execute Linux-based encryptors directly on Windows systems, bypassing traditional security tools. This technique allows the malware to evade detection by endpoint detection and response (EDR) products focused on Windows behaviors. Cybersecurity firms Trend Micro and Cisco Talos detailed the method in recent research.