
Hive Ransomware Switches to Rust to Increase Encryption Complexity

Vlad CONSTANTINESCU

July 06, 2022


Hive members revamped the encryption software of their Ransomware-as-a-Service (RaaS), migrating it completely to Rust so they could switch to a more complex encryption method.

The malicious operation had earlier relied on GoLang, which, although powerful, was less versatile than the newly adopted Rust programming language. After its migration, Hive became the second ransomware strain written in Rust, after BlackCat.

According to an advisory from the Microsoft Threat Intelligence Center (MSTIC), the overhaul gave Hive several powerful capabilities, including:

  • Broader support for cryptographic libraries
  • Advanced control over low-level resources
  • Data type, memory and thread safety
  • Better resistance to reverse-engineering attempts
  • Multiple concurrency and parallelism mechanisms for convenient file encryption
  • Ability to stop several security solution services and processes from hampering its operation (e.g., antivirservice, msmpsvc, windefend, mspub, avagent, winmgmt, backup and mysql)

The revamped version of Hive employs an unorthodox file encryption mechanism based on generating encryption keys in memory, using them, and writing them to the encrypted drive’s root.

“To indicate which keys set was used to encrypt a file, the name of the .key file containing the corresponding encryption keys is added to the name of the encrypted file on disk, followed by an underscore and then a Base64 string (also adding underscore and hyphen to the character set),” MSTIC says. “Once it’s Base64-decoded, the string contains two offsets, with each offset pointing to a different location in the corresponding .key file. This way, the attacker can decrypt the file using these offsets.”
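For incident-response triage, the naming scheme MSTIC describes can be used to map each encrypted file back to the .key file it depends on, so that the key files are preserved with the evidence. The sketch below is an added example, not code from MSTIC or from this article; it assumes a "." separates the original file name from the key-file name, and every file name and key name in it is constructed. The byte layout of the two offsets is not given here, so the code only validates and decodes the suffix.

```python
import base64
import re
from collections import defaultdict

# Base64 alphabet with '_' and '-' in the character set, as in the MSTIC quote.
B64URL = re.compile(r"^[A-Za-z0-9_-]+$")

def decode_suffix(s):
    """Return the decoded bytes if s is valid URL-safe Base64, else None."""
    if not s or not B64URL.match(s) or len(s) % 4 == 1:
        return None
    try:
        return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))
    except ValueError:
        return None

def group_by_key_file(file_names, key_stems):
    """Group encrypted files by the .key file (name without extension) they cite.

    key_stems are the names of .key files actually found in the drive root.
    Matching against them avoids splitting on '_', which can also occur
    inside the Base64 suffix or inside a key name.
    """
    groups, unmatched = defaultdict(list), []
    for name in file_names:
        for stem in sorted(key_stems, key=len, reverse=True):
            marker = "." + stem + "_"  # assumption: '.' precedes the key name
            idx = name.rfind(marker)
            if idx <= 0:
                continue
            blob = decode_suffix(name[idx + len(marker):])
            if blob is not None:
                # Offsets are left uninterpreted; record only the blob size.
                groups[stem].append((name[:idx], len(blob)))
                break
        else:
            unmatched.append(name)  # untouched file, or its key file is missing
    return dict(groups), unmatched

# Constructed sample data, not real indicators.
SAMPLE_KEY_STEMS = ["Qx7_aB-9", "Zk3mP0Lw"]
SAMPLE_FILES = [
    "report.docx.Qx7_aB-9_AAECAwQFBgc",
    "db.sqlite.Zk3mP0Lw_-_8AAQID",
    "notes.txt",
    "x.pdf.Unknown1_AAEC",
]

if __name__ == "__main__":
    print(group_by_key_file(SAMPLE_FILES, SAMPLE_KEY_STEMS))
```

Files that end up unmatched but still carry a Base64-looking suffix point to a key file that is missing from the collected evidence.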

This discovery comes about a week after South Korean cybersecurity agency KISA released a free decryption tool for victims of Hive ransomware. The decryption tool works for files encrypted by Hive versions v1 through v4.

Seeing as the decryptor’s release rendered these versions of the Hive RaaS almost useless, it’s likely that this event triggered the decision to migrate to Rust for high-complexity encryption.
