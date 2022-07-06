



Dive Brief:

The group behind Hive ransomware has completed a full code migration and overhaul, and its ransomware-as-a-service payload now uses a more complex encryption method, researchers at the Microsoft Threat Intelligence Center found.

Microsoft describes Hive, first observed in June 2021, as one of the most popular ransomware payloads and one of the fastest-evolving ransomware families.

By migrating the code from Go to Rust, Hive can use string encryption to avoid detection, gain more control over the code, and provide greater protection against reverse engineering.

Dive Insight:

The original Hive payload was previously used by large ransomware affiliates to attack healthcare and software organizations. In April, the Department of Health and Human Services warned healthcare organizations about the ransomware group and explained that it was very aggressive.

The new variants that Microsoft discovered in multiple samples have low detection rates and are more difficult for businesses to pinpoint.

This transition is a sign that gangs are maturing and require more technical expertise and new skills to create more sophisticated ransomware than ever before, said Michela Menting, research director at ABI Research.

A complete overhaul, including the use of a new programming language, takes time and resources. This suggests that the group behind Hive has a long-term plan, which is a bad sign for organizations.

It’s likely that gangs are entering the ransomware market and trying to secure longevity, Menting said.

Rust gives Hive and other ransomware payloads fine-grained control over low-level resources. According to Microsoft, the latest Hive variants also introduce a new encryption mechanism.

Instead of embedding an encrypted key in each file it encrypts, the variant generates two sets of keys in memory, uses them to encrypt files, then encrypts the sets and writes them to the root of the drive it encrypts, both with a .key extension, the company wrote on its blog.

Rust is especially useful when working with large amounts of data. This is an important advantage for ransomware gangs who aim to encrypt as much data as possible in the shortest possible time.

The programming language is also difficult to learn, making it difficult for security companies and competing ransomware groups to reverse engineer the code.

