RansomExx Ransomware Upgrades to Rust Programming Language - Security Affairs

RansomExx is the latest ransomware to have a version written entirely in the Rust programming language.

The operators of the RansomExx ransomware (aka Defray777 and Ransom X) have developed a new version of their malware, tracked as RansomExx2, ported to the Rust programming language.

The move follows the decision of other ransomware gangs, such as Hive, Blackcat and Luna, to rewrite their ransomware in the Rust programming language.

The main reason for rewriting malware in Rust is the lower AV detection rate compared with malware written in more common languages.

RansomExx2 was developed to target Linux operating systems, but experts believe the ransomware operators are already working on a Windows version.

The RansomExx operation has been active since 2018; its list of victims includes government agencies, computer manufacturer and distributor GIGABYTE, and Italian luxury brand Zegna. RansomExx is operated by the DefrayX threat actor group (Hive0091), the group that also developed the PyXie RAT, the Vatet loader, and the Defray ransomware strains.

The functionality implemented in RansomExx2 is similar to that of previous RansomExx Linux variants.

“RansomExx2 has been completely rewritten using Rust, but otherwise, its functionality is similar to its C++ predecessor. It requires a list of target directories to encrypt to be passed as a command line parameter and then encrypts the files using AES-256 with RSA used to protect the encryption key.” reads the analysis published by IBM Security X-Force.

The ransomware iterates through the specified directories, enumerating and encrypting files. The malware encrypts any file greater than or equal to 40 bytes and gives each file a new file extension.

RansomExx2 encrypts files using the AES-256 algorithm and leaves ransom notes in each encrypted directory.


“RansomExx is yet another major ransomware family to switch to Rust in 2022 (following similar efforts with Hive and Blackcat),” concludes the report. “While these latest changes by RansomExx may not represent a significant upgrade in functionality, the switch to Rust suggests a continued focus on the development and innovation of the ransomware by the group, and continued attempts to evade detection.”


Pierluigi Paganini
