Daily Tech News, Interviews, Reviews and Updates

Microsoft discovered Hive ransomware using Rust programming language to encrypt key files

Microsoft cyber security researchers discovered new variants of Hive ransomware written in Rust programming language instead of Go. Hive ransomware is a strain that was used by novice cybercriminals to launch ransomware attacks on healthcare, energy providers, and charities.

Hive ransomware was first discovered in June 2021 and used to be written in the Go programming language, a statically typed compiled open-source programming language. Reportedly, the ransomware is discovered to be written in Rust language which is a multi-paradigm, general-purpose programming language. Rust provides the threat actors to build complex ransomware software with millions of lines of code. It can also be used on embedded devices. Rust programming language offers ransomware to hide its identity efficiently under the mask of appearing as legitimate software.

The FBI alerted traces of Hive ransomware in August 2021. The ransomware claimed its first victim in November 2021, when European electronic retail giant MediaMarkt was compromised by Hive.

Microsoft Exchange Servers have suffered a ransomware-as-a-service (RaaS) double-extortion attack on compromised VPN credentials, phishing, and RDO servers.

Ransomware as a service (RaaS) performs extortion over stolen or encrypted data and can be used as pay-for-use malware. According to the reports Hive has adopted Rust language from BlackCat ransomware. Microsoft stated that Hive has been using Rust in a more comprehensive way and has a more advanced encryption method.

Microsoft Threat Intelligence Center (MSTIC) said, “The upgrades in the latest variant (of Hive) are effectively an overhaul: the most notable changes include a full code migration to another programming language and the use of more complex encryption method.”

Microsoft also stated that the Rust programming language offers more thread safety, user-friendly syntax, deep control over low-level resources, and can enable safe encryption files. According to Microsoft with the help of Rust language Hive ransomware can create notes to instruct victims. The MSTIC has also included the material of the instructive notes saying, “Do not delete or reinstall VMs. There will be nothing to decrypt. Do not modify, rename or delete key files. Your data will be undecryptable.” The ransomware group directly communicates with the victim to not remove key files which are the compromised files by Hive.

Reportedly, Hive has adopted a unique way of file encryption that provides maximum authority to the ransomware groups. Microsoft further stated, “instead of embedding an encrypted key in each file that it encrypts, it generates two sets of keys in memory, uses them to encrypt files, and then encrypts and writes the sets to the root of the drive it encrypts both with .key extension.”

Readers like you help support The Tech Outlook. When you make a purchase using links on our site, we may earn an affiliate commission. We cannot guarantee the Product information shown is 100% accurate and we advise you to check the product listing on the original manufacturer website. Thetechoutlook is not responsible for price changes carried out by retailers. The discounted price or deal mentioned in this item was available at the time of writing and may be subject to time restrictions and/or limited unit availability. Amazon and the Amazon logo are trademarks of Amazon.com, Inc. or its affiliates Read More
You might also like

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More