
Hive Ransomware Switches to Rust to Increase Encryption Complexity

Vlad CONSTANTINESCU

July 06, 2022


Hive's operators revamped the encryption software of their Ransomware-as-a-Service (RaaS) operation, migrating it completely to Rust so they could switch to a more complex encryption method.

The malicious operation had earlier relied on GoLang, which, although powerful, was less versatile than the newly adopted Rust programming language. After its migration, Hive became the second ransomware strain written in Rust, after BlackCat.

According to an advisory from the Microsoft Threat Intelligence Center (MSTIC), the overhaul gave Hive several powerful capabilities, including:

  • Broader support for cryptographic libraries
  • Advanced control over low-level resources
  • Data type, memory and thread safety
  • Better resistance to reverse-engineering attempts
  • Multiple concurrency and parallelism mechanisms for convenient file encryption
  • Ability to stop several security solution services and processes from hampering its operation (e.g., antivirservice, msmpsvc, windefend, mspub, avagent, winmgmt, backup and mysql)

The revamped version of Hive employs an unorthodox file encryption mechanism based on generating encryption keys in memory, using them, and writing them to the encrypted drive’s root.

“To indicate which keys set was used to encrypt a file, the name of the .key file containing the corresponding encryption keys is added to the name of the encrypted file on disk, followed by an underscore and then a Base64 string (also adding underscore and hyphen to the character set),” MSTIC says. “Once it’s Base64-decoded, the string contains two offsets, with each offset pointing to a different location in the corresponding .key file. This way, the attacker can decrypt the file using these offsets.”
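For incident responders, the naming scheme MSTIC describes makes it possible to tell which .key file each encrypted file depends on, so the right key files can be preserved as evidence. The following is an added example, not code from MSTIC or from this article; it assumes the key file name is joined to the original name with a dot, that the key file stem is alphanumeric, and that the hyphen and underscore map as in the standard URL-safe Base64 alphabet. The decoded bytes are left uninterpreted because the layout of the two offsets is not given here.

```python
import base64
import binascii
import re
from collections import defaultdict

# Assumed layout: <original name>.<key file stem>_<Base64 with '-' and '_'>
# Assumes the key file stem is alphanumeric and contains no '.' or '_'.
SUFFIX = re.compile(r"^(?P<orig>.+)\.(?P<stem>[A-Za-z0-9]+)_(?P<b64>[A-Za-z0-9_-]+)$")

def parse_name(name, key_stems):
    """Return (original, key_file, decoded_bytes) or None if no match."""
    m = SUFFIX.match(name)
    if not m or m["stem"] not in key_stems:
        return None  # ordinary file, or it references no recovered .key file
    b64 = m["b64"]
    try:
        # Assumption: '-' and '_' map as in the RFC 4648 URL-safe alphabet.
        raw = base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))
    except binascii.Error:
        return None  # suffix is not decodable Base64
    return m["orig"], m["stem"] + ".key", raw

def group_by_key_file(names, key_files):
    """Map each .key file to the encrypted files that reference it."""
    stems = {k[:-4] for k in key_files if k.endswith(".key")}
    groups = defaultdict(list)
    for name in names:
        parsed = parse_name(name, stems)
        if parsed:
            orig, key_file, raw = parsed
            groups[key_file].append((orig, raw.hex()))
    return dict(groups)

# Constructed sample data, not taken from a real incident.
KEY_FILES = ["Ab12Cd34.key", "Zz99Yy88.key"]
NAMES = [
    "invoice.xlsx.Ab12Cd34_AAECAwQFBgc",
    "photo_01.jpg.Ab12Cd34_-_8AAQIDBAU",
    "db.bak.Zz99Yy88_EBESExQVFhc",
    "notes_final.txt",      # untouched file
    "archive.tar.gz_old",   # has an underscore, but no known key stem
]

if __name__ == "__main__":
    for key_file, files in group_by_key_file(NAMES, KEY_FILES).items():
        print(key_file, files)
```

Requiring the stem to match a .key file actually found in the drive root keeps ordinary file names that happen to contain an underscore from being misclassified.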

This discovery comes about a week after South Korean cybersecurity agency KISA released a free decryption tool for victims of Hive ransomware. The decryption tool works for files encrypted by Hive versions v1 through v4.

Seeing as the decryptor’s release rendered these versions of the Hive RaaS almost useless, it’s likely that this event triggered the decision to migrate to Rust for high-complexity encryption.
