Hive Ransomware Upgrades to Rust for More Sophisticated Encryption Method
2022-07-06 22:12

The operators of the Hive ransomware-as-a-service scheme have overhauled their file-encrypting software to fully migrate to Rust and adopt a more sophisticated encryption method.

"With its latest variant carrying several major upgrades, Hive also proves it's one of the fastest evolving ransomware families, exemplifying the continuously changing ransomware ecosystem," Microsoft Threat Intelligence Center said in a report on Tuesday.

The shift from GoLang to Rust makes Hive the second ransomware strain after BlackCat to be written in the programming language, giving the malware benefits such as memory safety and deeper control over low-level resources, as well as access to a wide range of cryptographic libraries.

Hive is no different from other ransomware families in that it deletes backups to prevent recovery, but what's changed significantly in the new Rust-based variant is its approach to file encryption.

To determine which of the two keys is used for locking a specific file, an encrypted file is renamed to include the file name containing the key that's then followed by an underscore and a Base64-encoded string that points to two different locations in the corresponding.

In an indication that the cybercriminal landscape is in constant flux, cybersecurity researchers have discovered a new ransomware family called RedAlert that's capable of targeting both Windows and Linux VMware ESXi servers.


News URL

https://thehackernews.com/2022/07/hive-ransomware-upgrades-to-rust-for.html