Ransomware and Rust


Well, it had to happen. The BlackCat (aka ALPHV) ransomware gang has implemented ransomware in Rust. While Rust has previously been used for malware, this is the first time it has been used for ransomware. The major advantage of using Rust here is that it is likely to scale across a range of systems and to be easy to customize for target systems (as it avoids running within a framework and runs natively on the system).

The customization comes through a range of command-line options that are integrated into the executable code. The code can run on Windows and Linux systems, and can be run with a range of options:

Ref [here]

To run the code, an access token is required (--access-token), which can make it difficult to analyse the operation of the executable. Overall, the program tries to disable AV detectors (such as avagent and avscc); programs which may lock files (such as Outlook and PowerPoint); and backup services. The files avoided include EXE, MSI, BAT and DLL, as the ransomware does not want to shut down the system.
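The behaviour described above gives a defender two things to correlate on a host: a process started with --access-token, followed shortly by AV or file-locking processes being stopped. The sketch below is an added example, not code from the article or from any vendor; the event schema, the 300-second window, the file paths and the sample events are constructed assumptions.

```python
import shlex
from collections import defaultdict

# Names taken from the article: AV agents and applications that lock files.
# "powerpnt" is the executable name of PowerPoint.
WATCHLIST = {"avagent", "avscc", "outlook", "powerpnt"}
WINDOW_SECONDS = 300  # assumed correlation window


def has_access_token(cmdline):
    """True if an argument is --access-token (space form or '=' form)."""
    try:
        args = shlex.split(cmdline, posix=False)  # keeps Windows backslashes intact
    except ValueError:  # unbalanced quotes: fall back to whitespace split
        args = cmdline.split()
    args = [a.strip("\"'") for a in args[1:]]  # skip the image path itself
    return any(a == "--access-token" or a.startswith("--access-token=") for a in args)


def base_name(path):
    """Lower-cased file name without directory or .exe suffix."""
    name = path.replace("\\", "/").rsplit("/", 1)[-1].lower()
    return name[:-4] if name.endswith(".exe") else name


def detect(events):
    """Return {host: [stopped names]} where a --access-token launch is followed,
    within WINDOW_SECONDS on the same host, by stops of watchlisted names."""
    starts = defaultdict(list)
    hits = defaultdict(set)
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["type"] == "proc_start" and has_access_token(ev["cmdline"]):
            starts[ev["host"]].append(ev["ts"])
        elif ev["type"] == "stop" and base_name(ev["target"]) in WATCHLIST:
            if any(0 <= ev["ts"] - t <= WINDOW_SECONDS for t in starts[ev["host"]]):
                hits[ev["host"]].add(base_name(ev["target"]))
    return {h: sorted(t) for h, t in hits.items()}


# Constructed sample events (not real telemetry); "stop" = process kill or service stop.
SAMPLE = [
    {"host": "ws01", "ts": 100, "type": "proc_start", "cmdline": r"C:\Users\Public\x.exe --access-token PLACEHOLDER"},
    {"host": "ws01", "ts": 130, "type": "stop", "target": r"C:\Program Files\AV\avagent.exe"},
    {"host": "ws01", "ts": 140, "type": "stop", "target": "OUTLOOK.EXE"},
    {"host": "ws02", "ts": 100, "type": "proc_start", "cmdline": "tool.exe --token abc"},
    {"host": "ws02", "ts": 120, "type": "stop", "target": "avscc.exe"},
    {"host": "ws03", "ts": 10, "type": "proc_start", "cmdline": "/tmp/x --access-token=PLACEHOLDER"},
    {"host": "ws03", "ts": 900, "type": "stop", "target": "avscc"},
]
```

On the sample, only ws01 is reported: ws02 uses a different flag, and on ws03 the stop falls outside the window.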

The FBI now report that it has already hit over 60 organisations, and which is delivered…


Prof Bill Buchanan OBE FRSE
ASecuritySite: When Bob Met Alice
