Hive ransomware gang rapidly evolves with complex encryption, Rust code
2022-07-06 17:50

The Hive group, which has become one of the most prolific ransomware-as-a-service operators, has significantly overhauled its malware, including migrating the code to the Rust programming language and using a more complex file encryption process.

"With its latest variant carrying several major upgrades, Hive also proves it's one of the fastest evolving ransomware families, exemplifying the continuously changing ransomware ecosystem," the researchers said in a write-up this week.

Like most of the newer ransomware groups, the Hive operators run double-extortion campaigns: siphoning data, encrypting the files, and telling the victims their stolen information will be leaked if they refuse to pay the ransom.

The updates to Hive will have far-reaching impacts given that its RaaS payload has been used in attacks against organizations in a range of industries by large ransomware affiliates, such as DEV-0237.

Being written in Rust will make the Hive code a little more difficult to reverse-engineer, according to Microsoft researchers.

Detecting the Hive variant is also harder, according to MSTIC. "The new Hive variant uses string encryption that can make it more evasive," the researchers wrote, referring to the malware's executable.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/07/06/hive-ransomware-rust-microsoft/