ESET researchers discovered a new Hive ransomware variant that was specifically developed to encrypt Linux and FreeBSD. Researchers at the cybersecurity firm believe that the new encryptors are still under development.
Both variants are written in Golang, but the strings, package names and function names have been obfuscated.
The Linux variant seems to be affected by some bugs, the researchers noticed that the encryption process does not work when the malware is executed with an explicit path.
Unlike the Windows variant of the ransomware that supports up to 5 execution options, the new Linux and FreeBSD variants only support one command line parameter (-no-wipe).
According to ESET, Linux version of the Hive ransomware also fails to trigger the encryption if it is not executed with root privileges.
In August, The Federal Bureau of Investigation (FBI) released a flash alert on the Hive ransomware attacks that includes technical details and indicators of compromise associated with the operations of the gang.
The Hive gang has been active since June 2021, it implements a Ransomware-as-a-Service model and employs a wide variety of tactics, techniques, and procedures (TTPs). Government experts state that the group uses multiple mechanisms to compromise networks of the victims, including phishing emails with malicious attachments to gain access and Remote Desktop Protocol (RDP) to move laterally once on the network.
In order to facilitate file encryption, the ransomware look for processes associated with backups, anti-virus/anti-spyware, and file copying and terminates them. The Hive ransomware adds the .hive extension to the filename of encrypted files.
According to the experts, Hive operators have already hit tens of organizations and the discovery of a Linux variant demonstrates that the gang is expanding its operations.
Follow me on Twitter: @securityaffairs and Facebook
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, ransomware)
[adrotate banner=”5″]
[adrotate banner=”13″]
Chinese "kill switches" found in Chinese-made power inverters in US solar farm equipment that could…
FBI warns ex-officials are targeted with deepfake texts and AI voice messages impersonating senior U.S.…
Google warns that the cybercrime group Scattered Spider behind UK retailer attacks is now targeting…
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chromium, DrayTek routers, and SAP NetWeaver…
On day two of Pwn2Own Berlin 2025, participants earned $435,000 for demonstrating zero-day in SharePoint,…
New botnet HTTPBot is targeting China's gaming, tech, and education sectors, cybersecurity researchers warn. NSFOCUS …
This website uses cookies.
