1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • One of the most dastardly ransomware strains has received a Rust-

    From TechnologyDaily@1337:1/100 to All on Wed Jul 6 17:00:04 2022
    One of the most dastardly ransomware strains has received a Rust-flavored upgrade

    Date:
    Wed, 06 Jul 2022 15:42:32 +0000

    Description:
    Hive has made the leap to Rust and changed the way it encrypts files.

    FULL STORY ======================================================================

    One of the most destructive ransomware -as-a-service tools, Hive, has
    received a major overhaul, making it more resilient to antivirus programs and other security solutions.

    These are the findings of a team of researchers at the Microsoft Threat Intelligence Center (MSTIC), who recently did a deep dive into a new Hive variant.

    Hive ransomware is only about one year old, having been first observed in
    June 2021, but it has grown into one of the most prevalent ransomware
    payloads in the ransomware-as-a-service (RaaS) ecosystem, Microsoft said in its report. Far-reaching impact

    The biggest change is the full code migration from Go (also known as GoLang) to Rust. The impact of these updates is far-reaching, Microsoft says.

    Among other things, Rust offers deep control over low-level resources, has a user-friendly syntax, has several mechanisms for concurrency and parallelism, good variety of cryptographic libraries, and is relatively more difficult to reverse-engineer.

    The new variant also uses string encryption , making it somewhat harder to detect, and the underlying algorithms have changed too. The Rust version of Hive uses Elliptic Curve Diffie-Hellmann (ECDH), with Curve25519 and XChaCha20-Poly1305 (authenticated encryption with ChaCha20 symmetric cipher). Read more

    Best firewall of 2022: top paid and free services


    Conti ransomware group officially shuts down - but probably not for long


    Ransomware is affecting more businesses than ever this year

    As for file encryption, it now generates two sets of keys in memory (as opposed to embedding an encrypted key in each encrypted file), and uses both to encrypt files on the target endpoint . It then encrypts and writes the
    sets to the root of the encrypted drive, both with .key extensions.

    To top it off, the operators changed the ransom message that follows up to
    the attack. The new version now references the .key files with their new file name convention, and warns victims not to delete or reinstall VMs , as there will be nothing to decrypt.

    Hive isnt the first ransomware to migrate to Rust, but it might be the first to signal a trend. Before Hive, it was BlackCat, another successful ransomware, that made the jump. Keep your devices safe with the best malware protection around



    ======================================================================
    Link to news story: https://www.techradar.com/news/one-of-the-most-dastardly-ransomware-strains-ha s-received-a-rust-flavored-upgrade/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)