New RansomExx Ransomware Variant Switching to Rust Programming Language

RansomExx is a ransomware family that first appeared in 2018 as Defray. The malware has changed many times since then, and its most recent version has been rewritten in the Rust programming language. This makes RansomExx the latest ransomware to switch to Rust.

“Malware written in Rust often benefits from lower [antivirus] detection rates (compared to those written in more common languages), and this may have been the primary reason to use the language,” Charlotte Hammond, an IBM Security X-Force researcher, stated in a report released this week.

Hive and BlackCat, among other well-known ransomware families, had already been rewritten in Rust to broaden their attack scope.

The threat actor known as Hive0091 (aka DefrayX) named the latest version RansomExx2. It is mostly designed to run on the Linux operating system, but a Windows version is likely to come out in the future.

Why switch to Rust

Ransomware developed in Rust has a low detection rate, which is one of the key reasons why ransomware developers use this language. Furthermore, migrating to this language has a number of other advantages:

  • Data type, memory, and thread safety
  • Several mechanisms for concurrency and parallelism, enabling fast encryption
  • Good cryptographic libraries
  • Difficult to reverse engineer

RansomExx2 works in the same way as its C++ predecessor, and it accepts a list of target directories to encrypt as command line input.

When the ransomware is run, it goes through each of the given directories in a loop, enumerating the files and encrypting them with the AES-256 algorithm.

After this step is finished, a ransom note with the amount of money that needs to be paid is left in each encrypted directory.
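
A hunting heuristic for the behaviour described above, added here as an illustration and not taken from the IBM report or from RansomExx2 itself: it flags a small file whose name and content repeat across several directories (the per-directory ransom note) and reports what share of the neighbouring files have near-random byte entropy, as AES-256 output does. The function names, the `min_dirs` and entropy thresholds and the sample size are assumptions; the page gives no note filename or file extension, so none is hard-coded.

```python
import hashlib
import math
import os
from collections import Counter, defaultdict

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; well-encrypted data sits close to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def find_replicated_notes(root, min_dirs=3, max_note_size=64 * 1024,
                          entropy_threshold=7.5, sample=65536):
    """Flag small files whose name and content repeat in >= min_dirs directories."""
    copies = defaultdict(set)  # (name, sha256) -> directories holding that file
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if os.path.islink(path) or not 0 < os.path.getsize(path) <= max_note_size:
                    continue
                with open(path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
            except OSError:
                continue  # unreadable or vanished file: keep scanning
            copies[(name, digest)].add(dirpath)
    findings = []
    for (name, digest), dirs in copies.items():
        if len(dirs) < min_dirs:
            continue
        high = total = 0
        for d in dirs:  # how many siblings of the suspected note look encrypted?
            for other in os.listdir(d):
                p = os.path.join(d, other)
                if other == name or not os.path.isfile(p):
                    continue
                try:
                    with open(p, "rb") as fh:
                        data = fh.read(sample)
                except OSError:
                    continue
                total += 1
                high += shannon_entropy(data) >= entropy_threshold
        findings.append({"name": name, "sha256": digest, "dirs": sorted(dirs),
                         "high_entropy_ratio": high / total if total else 0.0})
    return sorted(findings, key=lambda f: len(f["dirs"]), reverse=True)
```

Compressed archives and media files also score high on entropy, so treat `high_entropy_ratio` as a triage signal rather than a verdict.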

The development highlights a new trend in which an increasing number of criminal actors are developing malware and ransomware using lesser-known programming languages such as Rust and Go, which not only provide improved cross-platform flexibility but can also elude detection.

Researchers believe that RansomExx’s latest enhancements do not represent a significant upgrade in functionality and that the group will continue to innovate to improve evasion strategies. Businesses are therefore advised to use IOCs to hunt for such threats in their environments and to assess whether they have been compromised.

“While these latest changes by RansomExx may not represent a significant upgrade in functionality, the switch to Rust suggests a continued focus on the development and innovation of the ransomware by the group, and continued attempts to evade detection.”
