• Latest
  • Trending
Hive ransomware ports its Linux VMware ESXi encryptor to Rust

Hive ransomware ports its Linux VMware ESXi encryptor to Rust

March 28, 2022
Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

July 29, 2025
French Telco Orange Hit by Cyber-Attack

French Telco Orange Hit by Cyber-Attack

July 29, 2025
ATC Ghana supports Girls-In-ICT Program

ATC Ghana supports Girls-In-ICT Program

April 25, 2023
Vice President Dr. Bawumia inaugurates  ICT Hub

Vice President Dr. Bawumia inaugurates ICT Hub

April 2, 2023
Co-Creation Hub’s edtech accelerator puts $15M towards African startups

Co-Creation Hub’s edtech accelerator puts $15M towards African startups

February 20, 2023
Data Leak Hits Thousands of NHS Workers

Data Leak Hits Thousands of NHS Workers

February 20, 2023
EU Cybersecurity Agency Warns Against Chinese APTs

EU Cybersecurity Agency Warns Against Chinese APTs

February 20, 2023
How Your Storage System Will Still Be Viable in 5 Years’ Time?

How Your Storage System Will Still Be Viable in 5 Years’ Time?

February 20, 2023
The Broken Promises From Cybersecurity Vendors

Cloud Infrastructure Used By WIP26 For Espionage Attacks on Telcos

February 20, 2023
Instagram and Facebook to get paid-for verification

Instagram and Facebook to get paid-for verification

February 20, 2023
YouTube CEO Susan Wojcicki steps down after nine years

YouTube CEO Susan Wojcicki steps down after nine years

February 20, 2023
Inaugural AfCFTA Conference on Women and Youth in Trade

Inaugural AfCFTA Conference on Women and Youth in Trade

September 6, 2022
  • Consumer Watch
  • Kids Page
  • Directory
  • Events
  • Reviews
Friday, 17 July, 2026
  • Login
itechnewsonline.com
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion
Subscription
Advertise
No Result
View All Result
itechnewsonline.com
No Result
View All Result

Hive ransomware ports its Linux VMware ESXi encryptor to Rust

by ITECHNEWS
March 28, 2022
in Infosec, Leading Stories
0 0
0
Hive ransomware ports its Linux VMware ESXi encryptor to Rust

The Hive ransomware operation has converted their VMware ESXi Linux encryptor to the Rust programming language and added new features to make it harder for security researchers to snoop on victim’s ransom negotiations.

As the enterprise becomes increasingly reliant on virtual machines to save computer resources, consolidate servers, and for easier backups, ransomware gangs are creating dedicated encryptors that focus on these services.

YOU MAY ALSO LIKE

French Telco Orange Hit by Cyber-Attack

ATC Ghana supports Girls-In-ICT Program

Ransomware gang’s Linux encryptors typically target the VMware ESXI virtualization platforms as they are the most commonly used in the enterprise.

While Hive has been using a Linux encryptor to target VMware ESXi servers for some time, a recent sample shows that they updated their encryptor with features first introduced by the BlackCat/ALPHV ransomware operation.

Hive borrows features from BlackCat

When ransomware operations attack a victim, they try to conduct their negotiations in private, telling victims if a ransom is not paid their data will be published and they will suffer a reputational hit.

However, when ransomware samples are uploaded to public malware analysis services, they are commonly found by security researchers who can extract the ransom note and snoop on negotiations.

In many cases, these negotiations are then publicized on Twitter and elsewhere, causing negotiations to fail.

The BlackCat ransomware gang removed Tor negotiation URLs from their encryptor to prevent this from happening. Instead, it required the URL to be passed as a command-line argument when the encryptor is executed.

This feature prevents researchers who find the sample from retrieving the URL as it’s not included in the executable and only passed to the executable at run time.

While the Hive Ransomware already requires a login name and password to access a victim’s Tor negotiation page, these credentials were previously stored in encryptor executable, making them easy to retrieve.

Hive Tor ransom negotiation site
Hive Tor ransom negotiation site

In a new Hive Linux encryptor found by Group-IB security researcher rivitna, the Hive operation now requires the attacker to supply the user name and login password as a command-line argument when launching the malware.

Instructions to Hive ransomware affiliatesInstructions to Hive ransomware affiliates

By copying BlackCat’s tactics, the Hive ransomware operation has made it impossible to retrieve negotiation login credentials from Linux malware samples, with the credentials now only available in ransom notes created during the attack.

It is not known if the Hive Windows encryptors are also using this new command-line argument at this time, but if not, we will likely see it added shortly.

Rivitna also told BleepingComputer that Hive continued to copy BlackCat by porting their Linux encryptor from Golang to the Rust programming language to make the ransomware samples more efficient and harder to reverse engineer.

“Rust allows to get safer, fast, and efficient code, while code optimization complicates analysis of Rust program,” rivitna told BleepingComputer in a chat on Twitter.

With the encryption of VMware ESXi virtual machines a critical part of a successful attack, ransomware operations are constantly evolving their code to not only be more efficient, but to keep the operations and negotiations secret.

As more businesses move to virtualization for their servers, we will continue to see ransomware developers not only focus on Windows devices, but also create dedicated Linux encryptors targeting ESXi.

Due to this, all security professionals and network admins need to pay close attention to their Linux servers to detect signs of attacks.

Source: Lawrence Abrams
Via: bleepingcomputer
Tags: Hive ransomware ports its Linux VMware ESXi encryptor
ShareTweet

Get real time update about this post categories directly on your device, subscribe now.

Unsubscribe

Search

No Result
View All Result

Recent News

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

July 29, 2025
French Telco Orange Hit by Cyber-Attack

French Telco Orange Hit by Cyber-Attack

July 29, 2025
ATC Ghana supports Girls-In-ICT Program

ATC Ghana supports Girls-In-ICT Program

April 25, 2023

About What We Do

itechnewsonline.com

We bring you the best Premium Tech News.

Recent News With Image

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

July 29, 2025
French Telco Orange Hit by Cyber-Attack

French Telco Orange Hit by Cyber-Attack

July 29, 2025

Recent News

  • Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa July 29, 2025
  • French Telco Orange Hit by Cyber-Attack July 29, 2025
  • ATC Ghana supports Girls-In-ICT Program April 25, 2023
  • Vice President Dr. Bawumia inaugurates ICT Hub April 2, 2023
  • Home
  • InfoSec
  • Opinion
  • Africa Tech
  • Data Storage

© Copyright 2026, All Rights Reserved | iTechNewsOnline.Com - Powered by BackUPDataSystems

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

No Result
View All Result
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion

© Copyright 2026, All Rights Reserved | iTechNewsOnline.Com - Powered by BackUPDataSystems

Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?
Go to mobile version