Security News > 2022 > March > Hive ransomware ports its Linux VMware ESXi encryptor to Rust

Hive ransomware ports its Linux VMware ESXi encryptor to Rust
2022-03-27 19:18

The Hive ransomware operation has converted their VMware ESXi Linux encryptor to the Rust programming language and added new features to make it harder for security researchers to snoop on victim's ransom negotiations.

Ransomware gang's Linux encryptors typically target the VMware ESXI virtualization platforms as they are the most commonly used in the enterprise.

While Hive has been using a Linux encryptor to target VMware ESXi servers for some time, a recent sample shows that they updated their encryptor with features first introduced by the BlackCat/ALPHV ransomware operation.

While the Hive Ransomware already requires a login name and password to access a victim's Tor negotiation page, these credentials were previously stored in encryptor executable, making them easy to retrieve.

In a new Hive Linux encryptor found by Group-IB security researcher rivitna, the Hive operation now requires the attacker to supply the user name and login password as a command-line argument when launching the malware.

Rivitna also told BleepingComputer that Hive continued to copy BlackCat by porting their Linux encryptor from Golang to the Rust programming language to make the ransomware samples more efficient and harder to reverse engineer.


News URL

https://www.bleepingcomputer.com/news/security/hive-ransomware-ports-its-linux-vmware-esxi-encryptor-to-rust/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Linux 11 64 2312 1489 67 3932
Vmware 146 11 222 256 102 591