Hive ransomware gang rapidly evolves with complex encryption, Rust code

The Hive group, which has become one of the most prolific ransomware-as-a-service (RaaS) operators, has significantly overhauled its malware, including migrating the code to the Rust programming language and using a more complex file encryption process. Researchers at the Microsoft Threat Intelligence Center (MSTIC) uncovered …

  1. Clausewitz4.0

    Making analysis more challenging

    QUOTE: "Since all strings are encrypted, it makes finding the parameters challenging for security researchers."

    Not at all, since the decryption key is embedded in the executable.

    Storing only the hash of the command-line parameters would make analysis truly more challenging.

    1. A random security guy

      Re: Making analysis more challenging

      Automated AV scanners that rely on pure pattern matching will not be able to get anywhere if they don't decrypt the payload. That means the AV scanner first has to determine what kind of malware something is, decrypt the payload, then the strings in the payload, and then, finally, perform a pattern match. They might skip a level of encryption somewhere.

      Should not be too hard, but the AV scanners may be limited if the decryption and compression software is (slightly) proprietary, forcing you to run the malware for analysis.
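A worked illustration of the two points made in this thread, as an added example that is not code from the article, from the Hive samples, or from either commenter: part 1 recovers an encrypted string table whose XOR key is embedded next to it (the decryptor an analyst or scanner writes once it has located the key), and part 2 shows the alternative the first comment proposes, where the binary carries only a SHA-256 digest of the accepted parameter. The table layout, the key bytes, the sample strings and the parameter `-dx` are all constructed for this demonstration and are not Hive's values.

```python
import hashlib
import hmac
import itertools
import struct

# --- Part 1: an encrypted string table with its key stored beside it --------
# Constructed sample (not Hive's layout or values): each entry is a one-byte
# length followed by the string XORed with a short repeating key.  The key
# sits in the binary alongside the table, so anyone holding the file can undo it.
EMBEDDED_KEY = b"\x5a\xa7\x13\xc4"                               # constructed
SAMPLE_STRINGS = ["--user", "--pass", "--no-local", ".locked"]    # constructed


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data against a repeating key; encryption and decryption are the same op."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def build_table(strings, key: bytes) -> bytes:
    """Pack strings the way the (constructed) packer would embed them."""
    blob = bytearray()
    for s in strings:
        enc = xor_bytes(s.encode(), key)
        blob += struct.pack("B", len(enc)) + enc
    return bytes(blob)


def decrypt_table(blob: bytes, key: bytes) -> list:
    """What an analyst's (or a scanner's) decryptor does once it has the key:
    walk the length-prefixed entries and XOR each one back to plaintext."""
    out, i = [], 0
    while i < len(blob):
        n = blob[i]
        out.append(xor_bytes(blob[i + 1:i + 1 + n], key).decode())
        i += 1 + n
    return out


ENCRYPTED_TABLE = build_table(SAMPLE_STRINGS, EMBEDDED_KEY)

# --- Part 2: keep only a digest of the accepted parameter -------------------
# In a real build only EXPECTED_DIGEST would be compiled in; SECRET_PARAM is
# present here solely to construct that digest for the demonstration.
SECRET_PARAM = "-dx"                                              # constructed
EXPECTED_DIGEST = hashlib.sha256(SECRET_PARAM.encode()).hexdigest()


def param_accepted(arg: str) -> bool:
    """Gate a code path on the digest of the supplied argument, not its value."""
    digest = hashlib.sha256(arg.encode()).hexdigest()
    return hmac.compare_digest(digest, EXPECTED_DIGEST)


def guess_param(digest: str, alphabet: str = "abcdefghijklmnopqrstuvwxyz-",
                max_len: int = 3):
    """Brute-force the gated parameter from its digest alone.
    Returns (candidate or None, number of hashes tried).  The cost is
    sum(len(alphabet) ** n) for n up to max_len, so every extra character
    multiplies the work by len(alphabet)."""
    tried = 0
    for n in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=n):
            tried += 1
            cand = "".join(chars)
            if hashlib.sha256(cand.encode()).hexdigest() == digest:
                return cand, tried
    return None, tried


if __name__ == "__main__":
    print("recovered strings:", decrypt_table(ENCRYPTED_TABLE, EMBEDDED_KEY))
    print("param accepted:", param_accepted("-dx"), param_accepted("--user"))
    print("brute force:", guess_param(EXPECTED_DIGEST))
```

Part 1 is also the step the reply describes for a scanner: nothing in `ENCRYPTED_TABLE` matches a plaintext signature until the table is walked with the recovered key. Part 2 shows why the digest-only variant is harder: dumping the binary yields only `EXPECTED_DIGEST`, and the brute force succeeds here only because the constructed parameter is three characters over a 27-symbol alphabet; with `max_len=2` it finds nothing, and each additional character multiplies the search by 27, which is what pushes an analyst without a good wordlist toward running the sample.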

  2. DS999

    Using Rust for greater security and memory safety

    It'd be a shame if your malware had a buffer overflow that let another ransomware gang steal your ransom payments!


Biting the hand that feeds IT © 1998–2022