Skip to Content

RansomEXX leaked: RansomExx Malware Moves to Rust Programming Language

Updated on 2022-11-25: RansomExx Malware Moves to Rust Programming Language

The RansomExx malware has been rewritten in the Rust programming language, which helps it evade detection by antivirus products and increases the amount of time needed to reverse engineer. Rust also has cross-platform support. Other ransomware groups have also migrated their malware to Rust.


  • The prior version of this ransomware was written in C++. At the time of writing, 14 of the 60+ AV detection engines tested detected the Rust-based malware. The current version of RansomExx2 is only available for Linux platforms; given the history of the group writing the malware, a Windows version is imminent. Other ransomware released in Rust includes Hive, Zeon and BlackCat.


Updated on 2022-11-22

IBM X-Force researchers said they discovered a new version of the RansomExx ransomware that was rewritten in the Rust programming language. They named this new version RansomExx2 but noted that most of its functionality is similar to its C++ predecessor. RansomExx now joins the ranks of BlackCat, Hive, and Zeon—other ransomware strains also written in Rust. Read more: RansomExx Upgrades to Rust

Updated on 2022-10-14

RansomEXX leaked a database of 52GB, which it claims to be stolen from Consorci Sanitari Integral, a Barcelona hospital system. Read more: RansomExx Leaks 52GB of Barcelona Health Centers’ Data

Updated on 2022-10-05: Ferrari hack

Earlier this week, on Monday, the RansomExx ransomware group claimed to have breached Italian carmaker Ferrari and leaked almost 7GB of data from the company’s servers. But in a statement provided to local media, Ferrari said they haven’t detected any breach or ransomware attack on their network. The company said it’s still investigating the incident and that there was no disruption to its business following this particular incident—which to most security experts is starting to look like a breach of one of the carmaker’s contractors; an incident that was most likely misrepresented by the attackers for increased media coverage. Read more: La Ferrari è stata colpita dal ransomware RansomEXX. 7GB di dati scaricabili online


Ferrari, the sports car manufacturer, said some of its internal documents were leaked online, while also claiming that it didn’t encounter evidence of any cyberattack. Researchers surmise that it witnessed a ransomware attack. Read more: RansomEXX gang claims to have hacked Ferrari and leaked online internal documents

    Ads Blocker Image Powered by Code Help Pro

    It looks like you are using an adblocker.

    Ads keep our content free. Please consider supporting us by allowing ads on