A new variant of the Hive ransomware written in Go a year ago has been rewritten in Rust, Microsoft security researchers have discovered . Hive appeared in June 2021, two months after the FBI issued a warning . In November, European e-retail giant MediaMarkt was attacked by Hive. This is another ransomware-as-a-service (RaaS) dual extortion gang that has recently been deploying ransomware against vulnerable Microsoft Exchange and RDP servers, stolen VPN credentials and phishing and stealing information worth stealing. Hive’s migration to the Rust version has been going on for several months, taking lessons from the BlackCat ransomware, which was also written in Rust. Group-IB researchers discovered in March that Hive switched its Linux encryptor (for VMware ESXi servers) to Rust, making it harder for security researchers to peek into its ransom conversations with victims. Microsoft’s analysis shows that Hive, rewritten in Rust, is more comprehensive and supports the changes to encryption methods mentioned in March. “Instead of embedding an encryption key in every file it encrypts, it generates two sets of keys in memory, encrypts the file with them, and then encrypts and writes both sets of keys to the drive it encrypts,” Microsoft notes. , both use the .key extension.”
This article is reprinted from: https://www.solidot.org/story?sid=72068
This site is for inclusion only, and the copyright belongs to the original author.