gwin 0 Posted March 1 Share Posted March 1 Hello ESET, The RansomEXX attack has been spreading a lot lately, I'm using ESET products so far not affected by this attack but is there any information regarding this type of ransomware attack, has it been detected by ESET For the variant name Detection ? The latest specific version of the module that contains this detection ? and whether for version 9.1 endpoint security can detect it ? , because some PCs still use Windows 7 Sp1. thanks and best regards, Quote Link to comment Share on other sites More sharing options...
Administrators Solution Marcos 4,614 Posted March 1 Administrators Solution Share Posted March 1 According to the payment instructions I've found in RansomEXX descriptions on the Internet, it should be Win32/Filecoder.OCN. This detection was added in Sept 2020. Quote Link to comment Share on other sites More sharing options...
gwin 0 Posted March 1 Author Share Posted March 1 Thanks a lot Marcos Regards, Quote Link to comment Share on other sites More sharing options...
itman 1,510 Posted March 1 Share Posted March 1 (edited) 5 hours ago, Marcos said: According to the payment instructions I've found in RansomEXX descriptions on the Internet, it should be Win32/Filecoder.OCN. This detection was added in Sept 2020. RansomEXX was totally rewritten in Rust programming language in 2022: Quote The operators of the RansomExx ransomware have become the latest to develop a new variant fully rewritten in the Rust programming language, following other strains like BlackCat, Hive, and Luna. The latest version, dubbed RansomExx2 by the threat actor known as Hive0091 (aka DefrayX), is primarily designed to run on the Linux operating system, although it's expected that a Windows version will be released in the future. https://thehackernews.com/2022/11/new-ransomexx-ransomware-variant.html I am skeptical that a 2020 signature would be able to detect this new variant. Edited March 1 by itman Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 4,614 Posted March 1 Administrators Share Posted March 1 11 minutes ago, itman said: RansomEXX was totally rewritten in Rust programming language in 2022: https://thehackernews.com/2022/11/new-ransomexx-ransomware-variant.html A detection for this variant was added on Oct 31, 2022: @Trojan.Linux/Filecoder.RansomEXX.B itman and Peter Randziak 2 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.