Can ESET detect RansomEXX variants ?

[gwin 0]

Hello ESET,

 

The RansomEXX attack has been spreading a lot lately, I'm using ESET products so far not affected by this attack

but is there any information regarding this type of ransomware attack, has it been detected by ESET

For the variant name Detection ?
The latest specific version of the module that contains this detection ?
and whether for version 9.1 endpoint security can detect it ? , because some PCs still use Windows 7 Sp1.

 

thanks and best regards,

[Marcos 5,741]

According to the payment instructions I've found in RansomEXX descriptions on the Internet, it should be Win32/Filecoder.OCN. This detection was added in Sept 2020.

[gwin 0]

Thanks a lot Marcos

Regards,

[itman 1,924]

5 hours ago, Marcos said:

According to the payment instructions I've found in RansomEXX descriptions on the Internet, it should be Win32/Filecoder.OCN. This detection was added in Sept 2020.

RansomEXX was totally rewritten in Rust programming language in 2022:

Quote

The operators of the RansomExx ransomware have become the latest to develop a new variant fully rewritten in the Rust programming language, following other strains like BlackCat, Hive, and Luna.

The latest version, dubbed RansomExx2 by the threat actor known as Hive0091 (aka DefrayX), is primarily designed to run on the Linux operating system, although it's expected that a Windows version will be released in the future.

https://thehackernews.com/2022/11/new-ransomexx-ransomware-variant.html

I am skeptical that a 2020 signature would be able to detect this new variant.

Edited March 1, 2023 by itman

[Marcos 5,741]

11 minutes ago, itman said:

RansomEXX was totally rewritten in Rust programming language in 2022:

https://thehackernews.com/2022/11/new-ransomexx-ransomware-variant.html

A detection for this variant was added on Oct 31, 2022:
@Trojan.Linux/Filecoder.RansomEXX.B