The RansomExx ransomware operation has introduced the new Rust-based RansomExx2 ransomware variant for Linux following other ransomware gangs that have developed variants based on the Rust programming language in an effort to avert detection, according to The Record, a news site by cybersecurity firm Recorded Future.
Only 14 of more than 60 antivirus providers in VirusTotal were able to detect the new RansomExx2 strain, which was developed by those behind Defray ransomware, PyXie malware, and Vatet loader, a report from IBM Security X-Force revealed. Significantly lower use of Rust binaries have resulted in reduced antivirus detection rates but further malicious use of the Rust language may prompt antivirus vendors to bolster detection capabilities, said IBM Security X-Force malware reverse engineer Charlotte Hammond.
"It's for this reason as well that its important to highlight these language changes when they arise. Raising awareness of the fact that more groups are adopting a new language will hopefully encourage security teams to research the matter and ensure they have the capabilities to detect and defend against it," Hammond added.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news