Featured in this episode of Chaos Lever
Oh, it’s ransomware gangs. Poop. Operators of the software RansomExx (that’s two xx’s for exxtra-special) have started using a new variant written in Rust, joining similar outfits like BlackCat, Hive, and Luna. RansomExx is currently only running on Linux (interesting), with a Windows variant sure to follow shortly.
Rust is a memory-safe, strongly-typed programming language, and it’s often cited as a replacement for the C++ language. It is also cross-platform and low-level, providing both portability and speed. The switch to Rust from the previous C++ variant signals the rise in popularity of the language and also reminds us that ransomware outfits have developers who like to tinker, just like any other mundane software business.
While the variant is harder to spot for the moment, it will be added to the various and sundry antivirus detection suites in due time. There’s nothing particularly special about what RansomExx does in terms of ransomware, and like before, your best strategy is to maintain backups on an air gapped or disconnected system with separate media and controls.
While the disease might be slightly different and decidedly more crabby, the treatment remains the same. Backup your data and get some Old Bay seasoning.