Ransomware, Malware, Threat Management

Novel Rust-based Agenda ransomware variant discovered

Ransomware-as-a-service operation Qilin has developed a novel Rust-based variant of the Agenda ransomware strain, which was originally based in the Go programming language and was used to compromise the healthcare and education sectors in Indonesia, Thailand, Saudi Arabia, and South Africa, The Hacker News reports. Intermittent encryption is being conducted by Agenda ransomware in an effort to facilitate quicker encryption while bypassing detection, according to a Trend Micro report. However, the new Agenda ransomware variant was found to be enhanced with capabilities allowing Windows AppInfo process termination and User Account Control deactivation. "At present, its threat actors appear to be migrating their ransomware code to Rust as recent samples still lack some features seen in the original binaries written in the Golang variant of the ransomware. Rust language is becoming more popular among threat actors as it is more difficult to analyze and has a lower detection rate by antivirus engines," said researchers.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.