"Agenda Ransomware Switches to Rust to Attack Critical Infrastructure"

The Agenda ransomware group has recently been observed developing new malware in the Rust programming language and using it to breach several companies. Security researchers at Trend Micro stated that the companies the group claimed to have breached on its leak site are located in different countries and mainly belong to the manufacturing and IT industries. They have a combined revenue of around $550m. The researchers stated that they found a sample of the Agenda ransomware written in Rust and that the variant has also been seen using intermittent encryption tactics to encrypt faster and evade detection more effectively. The researchers noted that the same ransomware, originally written in Go, was known for targeting the healthcare and education sectors in countries like Thailand and Indonesia.

Unlike the previous Golang variant, the Rust variant's configuration does not include the victim's credentials. This omission prevents other researchers not only from visiting the ransomware's chat support site but also from accessing the threat actors' conversations when a sample becomes available externally. It would also prevent unsolicited messages from anyone other than the victim. The researchers noted that the Agenda ransomware group is one of many slowly migrating their ransomware code to Rust. They stated that Rust is becoming more popular among threat actors because it is more difficult to analyze and has a lower detection rate by antivirus engines.

 

Infosecurity reports: "Agenda Ransomware Switches to Rust to Attack Critical Infrastructure"

Submitted by Anonymous on