
Hive’s VMware ESXi Linux encryptor converted to Rust

The Hive ransomware operation has ported its VMware ESXi Linux encryptor to the Rust programming language and added features intended to keep its ransom negotiations hidden, BleepingComputer reports. The updated Linux encryptor adopts traits first seen in the ALPHV/BlackCat ransomware operation, most notably the removal of the attackers' negotiation login credentials from the encryptor executable. Group-IB security researcher rivitna found that the new Linux encryptor requires the attacker to supply those credentials as a command-line argument at launch, so the negotiation credentials can no longer be recovered from Linux malware samples by static analysis. Whether the Windows encryptor will gain the same command-line argument is not yet confirmed, but it could follow soon. The move from Golang to Rust also makes the encryptor more efficient and Hive ransomware samples harder to reverse engineer. "Rust allows to get safer, fast, and efficient code, while code optimization complicates analysis of Rust program," said rivitna.
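The change described above, from credentials embedded in the executable to credentials supplied on the command line, has a concrete consequence for responders, and the following added example (not code from the article, from BleepingComputer, or from any Hive sample) illustrates both sides of it. The first function does what analysts did with the earlier samples: pull printable strings out of a binary blob and pick out credential-like `key=value` pairs. The second parses a Linux auditd `EXECVE` record, because a secret passed as an argument at launch is still captured by process execution logging (`/proc/<pid>/cmdline`, auditd, or an EDR agent). The binary bytes, the audit line and the `-u`/`-p` flag names are all constructed for this example; the article does not state the real argument format.

```python
from __future__ import annotations

import re

# Constructed stand-in for an encryptor executable that embeds its negotiation
# portal credentials as plain strings (the pattern the article says earlier
# Hive Linux samples followed). This is NOT a real Hive sample.
SAMPLE_BINARY = (
    b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 8
    + b"\x00\x01\x02main.go\x00"
    + b"login=EXAMPLE_OPERATOR_LOGIN\x00"
    + b"password=EXAMPLE_OPERATOR_PASS\x00"
    + b"\xde\xad\xbe\xef" * 4
)

# Constructed auditd EXECVE record. auditd logs each argv element as aN="...".
# The flag names -u / -p are hypothetical; the article gives no argument format.
SAMPLE_AUDIT_LINE = (
    'type=EXECVE msg=audit(1660000000.123:4567): argc=5 a0="/tmp/encryptor" '
    'a1="-u" a2="EXAMPLE_OPERATOR_LOGIN" a3="-p" a4="EXAMPLE_OPERATOR_PASS"'
)

MIN_STRING_LEN = 4
CRED_KEYS = ("login", "user", "username", "password", "pass", "token")
AUDIT_ARG = re.compile(r'\ba(\d+)="((?:[^"\\]|\\.)*)"')


def extract_strings(blob: bytes, min_len: int = MIN_STRING_LEN) -> list[str]:
    """Return runs of printable ASCII of at least min_len bytes, like `strings`."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, blob)]


def find_embedded_credentials(blob: bytes) -> dict[str, str]:
    """Static-analysis side: credential-like key=value strings inside a binary."""
    found: dict[str, str] = {}
    for s in extract_strings(blob):
        key, sep, value = s.partition("=")
        if sep and key.lower() in CRED_KEYS:
            found[key.lower()] = value
    return found


def parse_execve_argv(line: str) -> list[str]:
    """Rebuild argv from an auditd EXECVE record (a0, a1, ... in order)."""
    args = {int(i): v for i, v in AUDIT_ARG.findall(line)}
    return [args[i] for i in sorted(args)]


def flag_values_from_argv(argv: list[str]) -> dict[str, str]:
    """Runtime side: pair each '-x' flag with the value that follows it.

    Anything an operator passes on the command line lands in execution logs,
    so what static analysis can no longer recover, process auditing still can.
    """
    pairs: dict[str, str] = {}
    for i, arg in enumerate(argv[1:-1], start=1):
        nxt = argv[i + 1]
        if arg.startswith("-") and not nxt.startswith("-"):
            pairs[arg] = nxt
    return pairs


if __name__ == "__main__":
    print("embedded:", find_embedded_credentials(SAMPLE_BINARY))
    argv = parse_execve_argv(SAMPLE_AUDIT_LINE)
    print("argv:", argv)
    print("from command line:", flag_values_from_argv(argv))
```

The practical takeaway for defenders is the second half: enabling `execve` auditing (or equivalent EDR command-line capture) on ESXi-adjacent Linux hosts means a launch that has to carry its secrets in argv leaves them in the execution record, which is useful both for detection and for later incident analysis.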
