
The Agenda ransomware group has been observed using the Rust programming language to develop new malware, which it has used to breach several companies.
The companies it claimed to have breached on its leak site are located in various countries, and the victims belong to the manufacturing and IT industries. They have a combined revenue of around $550m.
A sample of the ransomware written in Rust has also been seen using intermittent encryption tactics to deliver faster encryption and avoid detection more efficiently. Earlier, with Go as its backend language, the ransomware was found targeting Thailand and Indonesia.
Unlike the previous Golang variant, the Agenda ransomware group did not include the victim’s credentials in the Rust variant’s configuration.
This feature of the Rust variant prevents other researchers not only from visiting the ransomware’s chat support site but also from accessing the threat actors’ conversations when a sample becomes available externally.
Rust is becoming more popular among threat actors as it is more difficult to analyze and has a lower detection rate by antivirus engines. Rust is also being increasingly used by Google to increase the security of the Android OS.
Indicators of Compromise
- e90bdaaf5f9ca900133b699f18e4062562148169b29cb4eb37a0577388c22527
- 55e070a86b3ef2488d0e58f945f432aca494bfe65c9c4363d739649225efbbd1
- 37546b811e369547c8bd631fa4399730d3bdaff635e744d83632b74f44f56cf6