gwin
Posted March 1, 2023

Hello ESET,

The RansomEXX attack has been spreading a lot lately. I'm using ESET products and so far have not been affected by this attack, but is there any information regarding this type of ransomware attack? Has it been detected by ESET? What is the detection name for the variant? What is the latest specific version of the module that contains this detection? And can Endpoint Security version 9.1 detect it? I ask because some PCs still use Windows 7 SP1.

Thanks and best regards,

Marcos (Administrators, Solution)
Posted March 1, 2023

According to the payment instructions I've found in RansomEXX descriptions on the Internet, it should be Win32/Filecoder.OCN. This detection was added in Sept 2020.

itman
Posted March 1, 2023 (edited)

5 hours ago, Marcos said: "According to the payment instructions I've found in RansomEXX descriptions on the Internet, it should be Win32/Filecoder.OCN. This detection was added in Sept 2020."

RansomEXX was totally rewritten in the Rust programming language in 2022:

Quote: "The operators of the RansomExx ransomware have become the latest to develop a new variant fully rewritten in the Rust programming language, following other strains like BlackCat, Hive, and Luna. The latest version, dubbed RansomExx2 by the threat actor known as Hive0091 (aka DefrayX), is primarily designed to run on the Linux operating system, although it's expected that a Windows version will be released in the future."

https://thehackernews.com/2022/11/new-ransomexx-ransomware-variant.html

I am skeptical that a 2020 signature would be able to detect this new variant.

Edited March 1, 2023 by itman

Marcos (Administrators)
Posted March 1, 2023

11 minutes ago, itman said: "RansomEXX was totally rewritten in the Rust programming language in 2022: https://thehackernews.com/2022/11/new-ransomexx-ransomware-variant.html"

A detection for this variant was added on Oct 31, 2022: @Trojan.Linux/Filecoder.RansomEXX.B