Updated on 2022-11-25: RansomExx Malware Moves to Rust Programming Language
The RansomExx malware has been rewritten in the Rust programming language, which helps it evade detection by antivirus products and increases the time needed to reverse engineer it. Rust also has cross-platform support. Other ransomware groups have also migrated their malware to Rust.
- The prior version of this ransomware was written in C++. At the time of writing, 14 of the 60+ AV detection engines tested detected the Rust-based malware. The current version of RansomExx2 is only available for Linux platforms; given the history of the group writing the malware, a Windows version is imminent. Other ransomware released in Rust includes Hive, Zeon and BlackCat.
Updated on 2022-11-22
IBM X-Force researchers said they discovered a new version of the RansomExx ransomware that was rewritten in the Rust programming language. They named this new version RansomExx2 but noted that most of its functionality is similar to its C++ predecessor. RansomExx now joins the ranks of BlackCat, Hive, and Zeon—other ransomware strains also written in Rust. Read more: RansomExx Upgrades to Rust
Updated on 2022-10-14
RansomEXX leaked a 52GB database, which it claims was stolen from Consorci Sanitari Integral, a Barcelona hospital system. Read more: RansomExx Leaks 52GB of Barcelona Health Centers’ Data
Updated on 2022-10-05: Ferrari hack
Earlier this week, on Monday, the RansomExx ransomware group claimed to have breached Italian carmaker Ferrari and leaked almost 7GB of data from the company’s servers. But in a statement provided to local media, Ferrari said it hasn’t detected any breach or ransomware attack on its network. The company said it’s still investigating the incident and that there was no disruption to its business. To most security experts, this is starting to look like a breach of one of the carmaker’s contractors, an incident that was most likely misrepresented by the attackers for increased media coverage. Read more: La Ferrari è stata colpita dal ransomware RansomEXX. 7GB di dati scaricabili online
The RansomExx group has leaked today 7GB of files from fancy-pants way-too-expensive carmaker Ferrari
You can look at the leaked data as much as you want, none of it will explain the abysmally bad decisions the company's F1 team has been making this year 🤣 pic.twitter.com/KdjswmIfNS
— Catalin Cimpanu (@campuscodi) October 3, 2022
Ferrari, the sports car manufacturer, said some of its internal documents were leaked online, while also claiming that it didn’t encounter evidence of any cyberattack. Researchers surmise that it witnessed a ransomware attack. Read more: RansomEXX gang claims to have hacked Ferrari and leaked online internal documents