Ransomware-as-a-service operation Qilin has developed a novel Rust-based variant of the Agenda ransomware strain, The Hacker News reports. The strain was originally written in the Go programming language and was used to compromise the healthcare and education sectors in Indonesia, Thailand, Saudi Arabia, and South Africa.
Agenda ransomware uses intermittent encryption to encrypt files more quickly while bypassing detection, according to a Trend Micro report.
The new Agenda ransomware variant was also found to include capabilities to terminate the Windows AppInfo process and disable User Account Control (UAC).
"At present, its threat actors appear to be migrating their ransomware code to Rust as recent samples still lack some features seen in the original binaries written in the Golang variant of the ransomware. Rust language is becoming more popular among threat actors as it is more difficult to analyze and has a lower detection rate by antivirus engines," said researchers.