February 5, 2023

Byte Class Technology


RansomExx Ransomware upgrades to Rust programming language - Security Affairs

RansomExx ransomware is the latest ransomware, in order of time, to have a variant completely written in the Rust programming language.

The operators of the RansomExx ransomware (aka Defray777 and Ransom X) have created a new variant of their malware, tracked as RansomExx2, that was ported into the Rust programming language.

The move follows the decision of other ransomware gangs, like Hive, Blackcat, and Luna, to rewrite their ransomware in the Rust programming language.

The main reason to rewrite malware in Rust is to have lower AV detection rates, compared to malware written in more common languages.

RansomExx2 was developed to target the Linux operating system, but experts believe that the ransomware operators are currently working on a Windows version.

The RansomExx operation has been active since 2018; the list of its victims includes government agencies, the computer manufacturer and distributor GIGABYTE, and the Italian luxury brand Zegna. RansomExx is operated by the DefrayX threat actor group (Hive0091), which also developed the PyXie RAT, Vatet loader, and Defray ransomware strains.

The functionality implemented in RansomExx2 is very similar to previous RansomExx Linux variants.

“RansomExx2 has been absolutely rewritten employing Rust, but in any other case, its operation is identical to its C++ predecessor. It involves a listing of focus on directories to encrypt to be handed as command line parameters and then encrypts information working with AES-256, with RSA utilized to shield the encryption keys.” reads the analysis published by IBM Security X-Force.

The ransomware iterates through the specified directories, enumerating and encrypting files. The malware encrypts any file greater than or equal to 40 bytes and gives a new file extension to each file.

RansomExx2 encrypts files using the AES-256 algorithm and drops a ransom note in each encrypted directory.
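The on-disk pattern described above (files of 40 bytes or more renamed with one new extension, smaller files untouched, the same note in every encrypted directory) can be checked during triage. The following is an added example, not code from the article or the IBM report; the `.lockd` extension, `NOTE.txt` name and thresholds are made-up assumptions, since the article gives no such values.

```python
import hashlib
import os
import tempfile
from collections import Counter, defaultdict
from pathlib import Path

MIN_SIZE = 40  # from the article: only files >= 40 bytes are encrypted

def scan(root, min_files=3, ratio=0.8):
    """Map each suspicious extension to (directories, shared note names)."""
    by_ext = defaultdict(dict)
    for d, _, names in os.walk(root):
        files = [f for n in names if (f := Path(d) / n).is_file()]
        big = [f for f in files if f.stat().st_size >= MIN_SIZE]
        if len(big) < min_files:
            continue
        ext, hits = Counter(f.suffix for f in big).most_common(1)[0]
        # Files under 40 bytes are left alone, so none should carry the extension.
        small_hit = any(f.suffix == ext for f in files if f not in big)
        if ext and hits / len(big) >= ratio and not small_hit:
            by_ext[ext][d] = {(f.name, hashlib.sha256(f.read_bytes()).hexdigest())
                              for f in files if f.suffix != ext}
    findings = {}
    for ext, dirs in by_ext.items():
        shared = set.intersection(*dirs.values())  # same name and content everywhere
        if len(dirs) > 1 and shared:
            findings[ext] = (sorted(dirs), sorted(name for name, _ in shared))
    return findings

def build_sample(root):
    """Constructed test tree; '.lockd' and 'NOTE.txt' are made-up names."""
    for sub in ("docs", "db"):
        p = Path(root, sub)
        p.mkdir()
        for i in range(5):
            (p / f"file{i}.dat.lockd").write_bytes(os.urandom(64))
        (p / "tiny.cfg").write_text(f"dir={sub}")  # < 40 bytes, left untouched
        (p / "NOTE.txt").write_text("constructed placeholder note " * 3)
    logs = Path(root, "logs")  # benign look-alike: one extension, no shared note
    logs.mkdir()
    for i in range(5):
        (logs / f"app{i}.log").write_bytes(b"x" * 100)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(scan(tmp))
```

This is a heuristic for narrowing down affected directories after the fact; a hit still needs confirmation against backups or file contents.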

“RansomExx is still a further major ransomware relatives to switch to Rust in 2022 (next related efforts with Hive and Blackcat).” concludes the report. “While these most current adjustments by RansomExx may possibly not stand for a major enhance in operation, the switch to Rust indicates a continued emphasis on the development and innovation of the ransomware by the team, and ongoing attempts to evade detection.”


Pierluigi Paganini

(SecurityAffairs – hacking, RansomExx ransomware)
