gwin
Posted March 1, 2023

Hello ESET,

The RansomEXX attack has been spreading a lot lately. I'm using ESET products and so far have not been affected by this attack, but is there any information regarding this type of ransomware attack? Has it been detected by ESET? What is the detection name for the variant? What is the latest specific version of the module that contains this detection? And can Endpoint Security version 9.1 detect it? I ask because some PCs still use Windows 7 SP1.

Thanks and best regards,

Marcos (Administrators) [Solution]
Posted March 1, 2023

According to the payment instructions I've found in RansomEXX descriptions on the Internet, it should be Win32/Filecoder.OCN. This detection was added in Sept 2020.

gwin (Author)
Posted March 1, 2023

Thanks a lot, Marcos.

Regards,

itman
Posted March 1, 2023 (edited)

5 hours ago, Marcos said:
"According to the payment instructions I've found in RansomEXX descriptions on the Internet, it should be Win32/Filecoder.OCN. This detection was added in Sept 2020."

RansomEXX was totally rewritten in the Rust programming language in 2022:

Quote:
"The operators of the RansomExx ransomware have become the latest to develop a new variant fully rewritten in the Rust programming language, following other strains like BlackCat, Hive, and Luna. The latest version, dubbed RansomExx2 by the threat actor known as Hive0091 (aka DefrayX), is primarily designed to run on the Linux operating system, although it's expected that a Windows version will be released in the future."
https://thehackernews.com/2022/11/new-ransomexx-ransomware-variant.html

I am skeptical that a 2020 signature would be able to detect this new variant.

Edited March 1, 2023 by itman

Marcos (Administrators)
Posted March 1, 2023

11 minutes ago, itman said:
"RansomEXX was totally rewritten in the Rust programming language in 2022: https://thehackernews.com/2022/11/new-ransomexx-ransomware-variant.html"

A detection for this variant was added on Oct 31, 2022: @Trojan.Linux/Filecoder.RansomEXX.B