RansomExx ransomware is the last ransomware in order of time to have a version totally written in the Rust programming language.
The operators of the RansomExx ransomware (aka Defray777 and Ransom X) have developed a new variant of their malware, tracked as RansomExx2, that was ported into the Rust programming language.
The move follows the decision of other ransomware gangs, like Hive, Blackcat, and Luna, of rewriting their ransomware into Rust programming language.
The main reason to rewrite malware in Rust is to have lower AV detection rates, compared to malware written in more common languages.
RansomExx2 was developed to target Linux operating system, but experts believe that ransomware operators are already working on a Windows version.
RansomExx operation has been active since 2018, the list of its victims includes government agencies, the computer manufacturer and distributor GIGABYTE, and the Italian luxury brand Zegna. RansomExx is operated by the DefrayX threat actor group (Hive0091), the group also developed the PyXie RAT, Vatet loader, and Defray ransomware strains.
The functionality implemented in RansomExx2 is very similar to previous RansomExx Linux variants.
“RansomExx2 has been completely rewritten using Rust, but otherwise, its functionality is similar to its C++ predecessor. It requires a list of target directories to encrypt to be passed as command line parameters and then encrypts files using AES-256, with RSA used to protect the encryption keys.” reads the analysis published by IBM Security X-Force.
The ransomware iterates through the specified directories, enumerating and encrypting files. The malware encrypts any file greater than or equal to 40 bytes and gives a new file extension to each file.
The RansomExx2 encrypts files using the AES-256 algorithm, it drops a ransom note in each encrypted directory.
“RansomExx is yet another major ransomware family to switch to Rust in 2022 (following similar efforts with Hive and Blackcat).” concludes the report. “While these latest changes by RansomExx may not represent a significant upgrade in functionality, the switch to Rust suggests a continued focus on the development and innovation of the ransomware by the group, and continued attempts to evade detection.”
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, RansomExx ransomware)
Share On
Read More: news.google.com
VaultCraft 
ZeroLend 
AIT Protocol 
BUBBLES 
Pharaoh 
Tottenham Hotspur FC Fan Token 
Sharpe AI 
Kaspy 
Yelay 
Financie Token 
Apertum 
Dero 
Artyfact 
MyStandard 
Ovr 
Flux Protocol 
MYX Finance 
Atlas Navi 
SolForge Fusion 
Harambe AI 
CateCoin 
RCH Token 
Mintlayer 
BMX 
PolyDoge 
Evernode 
Rally 
Draggin Karma Points 
Adrena 
Settled EthXY Token 
Shiba Inu Treat 
Pepper Meme 
SIPHER 
DeFi Kingdoms 
DeFinity 
GIZMO•IMAGINARY• KITTEN (Runes) 
Emorya Finance 
GOGGLES 
Dasha 
KILT Protocol 
zkSync Bridged WBTC (zkSync) 
Relend Network USDC (Swell) 
ROACORE 
Neurobro 
Alvara Protocol 
ChompCoin 
Teddy Bear 
Typus 
LORDS 
WELF