Researchers from Microsoft Security have spotted an upgraded version of the ransomware-as-a-service (RaaS) dubbed Hive. The security experts outlined their findings in an advisory on Tuesday.

According to Microsoft, the upgrades in the latest variant represent an overhaul of the entire ransomware infrastructure. “With its latest variant carrying several major upgrades, Hive also proves it’s one of the fastest evolving ransomware families, exemplifying the continuously changing ransomware ecosystem,” reads the post. “The most notable changes include a full code migration to another programming language and the use of a more complex encryption method,” the advisory explains.

Microsoft also noticed that Hive is not the first ransomware written in Rust, and follows in the footsteps of BlackCat. “By switching the underlying code to Rust, Hive benefits from advantages that Rust has over other programming languages.” These include memory, data type and thread safety, deep control over low-level resources, the ability to render the malware resistant to reverse engineering and a good variety of cryptographic libraries, among other things.

“The new Hive variant uses string encryption that can make it more evasive,” reads Microsoft’s advisory. “The constants that are used to decrypt the same string sometimes differ across samples, making them an unreliable basis for detection.”

The impact of these updates would also be far-reaching since Hive’s RaaS payload has been spotted by Microsoft in organizations in the healthcare and software industries and connected with large ransomware affiliates like DEV-0237. The tech giant’s security team also said that many of the variants and samples it analyzed have low detection rates, and none are correctly identified as Hive (despite the malware being first spotted last year) by some antivirus software programs.