Latest Variant RansomExx Ransomware Rewritten in the Rust Programming Language

The latest variant of the RansomExx ransomware has been rewritten in the Rust programming language by its operators, following other strains such as BlackCat, Hive, and Luna.

The latest version, dubbed RansomExx2 by the malware author known as Hive0091 (aka DefrayX), is primarily designed to run on the Linux operating system. That being said, it is rumored that a Windows version will be released in the near future.

RansomExx, also referred to as Defray777 and Ransom X, is a ransomware family that has been active since 2018. It has since been linked to a number of attacks on government agencies and manufacturers, as well as other high-profile entities like Embraer and GIGABYTE.

IBM Security researcher Charlotte Hammond said, “There was a recent detection of a new variant of the Stealer Trojan written in Rust and it’s this development that forced us to write this report.” 

RansomExx2 is functionally similar to its predecessor and takes a list of directories as input. Once installed, the ransomware will enter all specified directories and encrypt the files with AES-256 encryption.

A ransom note is dropped in each encrypted directory once that directory has been processed. It’s not just hackers writing malware in English anymore. Newer programming languages give malware and ransomware authors cross-platform flexibility, which makes the resulting code harder to detect and trace.

Hammond further explains, “RansomExx is just one of many major ransomware families to adopt Rust in 2022. The changes made to RansomExx by the group don’t seem all that significant or innovative, but the fact that they’ve switched to Rust is another step in their continued efforts to innovate and make their software immune from future detection.”
