Cybercrime , Cybercrime as-a-service , Fraud Management & Cybercrime

RansomEXX Updates To Rust Malware To Improve Evasion

DefrayX’s Hacking Group Rewrote RansomEXX in Rust Programming For Advanced Evasion
RansomEXX Updates To Rust Malware To Improve Evasion
Image source: PFA

Hacking group behind RansomEXX is the latest to deploy updated malware compiled using Rust programming language for better evasion.

The latest malware dubbed RansomEXX2 was re-written using Rust programming language and targets Linux operating systems. The malware, when deployed, encrypts files of more than 40 GB using AES-256 keys on the victims' devices, a new report by IBM's Security X-Force finds.

See Also: Webinar | Don't Get Hacked in the Cloud: The Essential Guide to CISOcial Distancing

RansomEXX2 is operated by the DefrayX hacking group which is known to target victims in the healthcare sector. Among its victims are the Spanish medical and social services agency and the Scottish Association for Mental Health.

Since DefrayX is known to release both Linux and Windows versions of its ransomware strains, IBM researchers suggest DefrayX is likely to come out with Windows's version of RansomEXX2 in the coming months.

Although the latest malware does not differ in capabilities in comparison to its previous version compiled in C++ language, the switch in programming language reflects a growing trend among threat groups who are increasingly adopting Rust for malware developments, IBM researchers say.

This is because Rust applications come with cross-platform functionality and advanced antivirus detection capabilities. "Rust’s compilation process also results in more complex binaries that can be more time-consuming to analyse for reverse engineers," the report says.

"X-Force assesses it is highly likely that more threat actors will experiment with Rust going forward," the report says. "While these latest changes by RansomEXX may not represent a significant upgrade in functionality, the switch to Rust suggests a continued focus on the development and innovation of the ransomware by the group, and continued attempts to evade detection."

About the Author

Akshaya Asokan

Akshaya Asokan

Senior Correspondent, ISMG

Asokan is a U.K.-based senior correspondent for Information Security Media Group's global news desk. She previously worked with IDG and other publications, reporting on developments in technology, minority rights and education.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.