Cybercrime , Cybercrime as-a-service , Fraud Management & Cybercrime
RansomEXX Updates to Rust Malware to Improve Evasion
DefrayX's Hacking Group Rewrote RansomEXX in Rust Programming for Advanced EvasionHacking group behind RansomEXX is the latest to deploy updated malware compiled using Rust programming language for better evasion.>
The latest malware dubbed RansomEXX2 was re-written using Rust programming language and targets Linux operating systems. The malware, when deployed, encrypts files of more than 40 GB using AES-256 keys on the victims' devices, a new report by IBM's Security X-Force finds.
See Also: Mitigating Identity Risks, Lateral Movement and Privilege Escalation
RansomEXX2 is operated by the DefrayX hacking group which is known to target victims in the healthcare sector. Among its victims are the Spanish medical and social services agency and the Scottish Association for Mental Health.
Since DefrayX is known to release both Linux and Windows versions of its ransomware strains, IBM researchers suggest DefrayX is likely to come out with Windows's version of RansomEXX2 in the coming months.
Although the latest malware does not differ in capabilities in comparison to its previous version compiled in C++ language, the switch in programming language reflects a growing trend among threat groups who are increasingly adopting Rust for malware developments, IBM researchers say.
This is because Rust applications come with cross-platform functionality and advanced antivirus detection capabilities. "Rust’s compilation process also results in more complex binaries that can be more time-consuming to analyse for reverse engineers," the report says.
"X-Force assesses it is highly likely that more threat actors will experiment with Rust going forward," the report says. "While these latest changes by RansomEXX may not represent a significant upgrade in functionality, the switch to Rust suggests a continued focus on the development and innovation of the ransomware by the group, and continued attempts to evade detection."