More sophisticated encryption has been integrated into Hive ransomware
, which has been updated to the Rust programming language, reports The Hacker News
Hive ransomware's transition to Rust has allowed the inclusion of memory safety and elevated low-level resource control capabilities, as well as enabled broader cryptographic library utilization, according to a report from the Microsoft Threat Intelligence Center.
"Instead of embedding an encrypted key in each file that it encrypts, it generates two sets of keys in memory, uses them to encrypt files, and then encrypts and writes the sets to the root of the drive it encrypts, both with .key extension," said MSTIC, which added that renaming is performed to an encrypted file to determine the key used for its encryption.
The findings come after the AstraLocker ransomware operation reported shutting down as it plans a pivot to cryptojacking, as well as the reported emergence of the RedAlert ransomware family targeting VMware ESXi servers on Windows and Linux.