The operators of the RansomExx ransomware have become the latest to develop a new variant fully rewritten in the Rust programming language, following other strains like BlackCat, Hive, and Luna.

The latest version, dubbed RansomExx2 by the threat actor known as Hive0091 (aka DefrayX), is primarily designed to run on the Linux operating system, although it’s expected that a Windows version will be released in the future.

RansomExx, also known as Defray777 and Ransom X, is a ransomware family known to have been active since 2018. It has since been linked to a number of attacks on government agencies, manufacturers, and other high-profile entities like Embraer and GIGABYTE.

“Malware written in Rust often benefits from lower [antivirus] detection rates (compared to those written in more common languages) and this may have been the primary reason to use the language,” IBM Security X-Force researcher Charlotte Hammond said in a report published this week.

RansomExx2 is functionally similar to its C++ predecessor, and it takes a list of target directories to encrypt as command-line inputs.