Ransomexx2

Malware updated 5 months ago (2024-05-04T18:18:34.032Z)
RansomExx2 is a newly discovered variant of the RansomExx malware, designed to target Linux operating systems and exploit vulnerable ESXi servers. This strain has been identified through its distinctive MD5 hash 377C6292E0852AFEB4BD22CA78000685 and is recognized as a Linux executable written in the Rust programming language. It is part of a growing trend of ransomware developers releasing Rust versions of their malware, with other examples including BlackCat, Hive, and Zeon. Despite being completely rewritten in Rust, RansomExx2 maintains similar functionality to its C++ predecessor.

The naming of this new variant is based on strings found within the ransomware itself and is corroborated by updates to the ransomware group's website. The page title of the group's website has been updated to 'ransomexx2', further solidifying the identity of this new threat. Source code path strings within the binary also indicate that this ransomware is a derivative of the original RansomExx, hence the name RansomExx2.

At this time, it remains unclear whether the attacks orchestrated using RansomExx2 are conducted by the same threat actors involved in the ESXiArgs campaign. This uncertainty adds another layer of complexity to the challenge of combating this new strain. As RansomExx2 continues to pose a significant threat to Linux machines and ESXi servers, ongoing vigilance and robust cybersecurity measures are essential to mitigate potential damage.
Description last updated: 2024-05-04T17:21:37.594Z
Aliases
We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Linux
Rust
Source Document References
Information about the Ransomexx2 Malware was read from the documents corpus below.
Source Link, Created At
CERT-EU, a year ago
SecurityIntelligence.com, 2 years ago