RansomExx2 is a newly discovered variant of the RansomExx malware, designed to target Linux operating systems and exploit vulnerable ESXi servers. This strain has been identified through its distinctive MD5 hash 377C6292E0852AFEB4BD22CA78000685 and is recognized as a Linux executable written in the Rust programming language. It is part of a growing trend of ransomware developers releasing Rust versions of their malware, with other examples including BlackCat, Hive, and Zeon. Despite being completely rewritten in Rust, RansomExx2 maintains similar functionality to its C++ predecessor.
The naming of this new variant is based on strings found within the ransomware itself and is corroborated by updates to the ransomware group’s website. The page title of the group’s website has been updated to ‘ransomexx2’, further solidifying the identity of this new threat. Source code path strings within the binary also indicate that this ransomware is a derivative of the original RansomExx, hence the name RansomExx2.
At this time, it remains unclear whether the attacks orchestrated using RansomExx2 are conducted by the same threat actors involved in the ESXiArgs campaign. This uncertainty adds another layer of complexity to the challenge of combating this new strain. As RansomExx2 continues to pose a significant threat to Linux machines and ESXi servers, ongoing vigilance and robust cybersecurity measures are essential to mitigate potential damage.
Description last updated: 2024-05-04T17:21:37.594Z