December 19, 2022Rabbi Lakshmanan

Rust variant of ransomware strain known as agenda has been observed in the wild, making it the latest malware to adopt a cross-platform programming language after BlackCat, Hive, Luna, and RansomExx.

Agenda is a Ransomware as a Service (RaaS) group attributed to an operator named Qilin and is associated with a series of attacks primarily targeting manufacturing and IT industries in various countries.

Previous versions of the ransomware, written in Go and customized for each victim, identified the healthcare and education sectors in countries such as Indonesia, Saudi Arabia, South Africa, and Thailand.

cyber security

Agenda extends the idea of ​​partial encryption (a.k.a. intermittent encryption) by configuring parameters used to determine the percentage of file content to be encrypted, similar to Royal ransomware .

agenda ransomware

“This tactic is gaining popularity among ransomware attackers because it can speed up encryption and avoid detections that rely heavily on file read/write operations,” said a group of Trend Micro researchers. increase. Said in last week’s report.

Analyzing the ransomware binaries, we found that the encrypted files have the extension “MmXReVIxLV” and drops a ransom note in every directory.

Additionally, the Rust version of Agenda can terminate Windows AppInfo processes and disable User Account Control (UAC). UAC helps reduce the impact of malware by requiring administrator access to launch programs or tasks.

“Currently, the attackers appear to be migrating their ransomware code to Rust, as recent samples still lack some features found in the original binaries written in the Golang variant of the ransomware. ‘ said the researchers.

“The Rust language is becoming more popular among attackers because it is difficult to analyze and has a low detection rate by antivirus engines.”

Did you find this article interesting?Please follow us twitter When LinkedIn To read more exclusive content that we post.



Register now for our membership to gain access to our elite training program and fast forward your career today!


Subscribe my Newsletter for new blog posts, tips & new photos. Let's stay updated!

Security Blog

Blue Training Academy

Blue Training Academy was developed in 2018 as a educational and training facility for continuing education and certification courses. Blue Training Academy is an educational institution that allows for all sectors of the public and Criminal Justice field to gain ongoing training and education.

Copyright ©️ All rights reserved. | Blue Training Academy Blog