Hive Ransomware Now Encrypts Linux and FreeBSD Systems

Saturday October 30, @11:52AM
Hive ransomware now encrypts Linux and FreeBSD systems:

The Hive ransomware gang now also encrypts Linux and FreeBSD using new malware variants specifically developed to target these platforms.

However, as Slovak internet security firm ESET discovered, Hive's new encryptors are still in development and still lack functionality.

The Linux variant also proved to be quite buggy during ESET's analysis, with the encryption completely failing when the malware was executed with an explicit path.

It also comes with support for a single command line parameter (-no-wipe). In contrast, Hive's Windows ransomware comes with up to 5 execution options, including killing processes and skipping disk cleaning, uninteresting files, and older files.

The ransomware's Linux version also fails to trigger the encryption if executed without root privileges because it attempts to drop the ransom note on compromised devices' root file systems.

"Just like the Windows version, these variants are written in Golang, but the strings, package names and function names have been obfuscated, likely with gobfuscate," ESET Research Labs said.

[...] In the past, the Snatch and PureLocker ransomware operations have also used Linux variants in their attacks.

  • (Score: 2, Informative) by canopic jug on Saturday October 30, @12:06PM

    by canopic jug (3949) on Saturday October 30, @12:06PM (#1191925)

    Digging through the "article" there is precious little information about what's really going on there. However, there are some clues which strongly suggest that this only affects VM guests running on Windoze hosts and that the way in is via the Windoze host not the Linux or FreeBSD system itself. In other words, this looks like more of the same, especially when you take the source Bleeping Computer into account. It has a long history of pushing Windows and spewing FUD and disparagement against all the better systems.

  • (Score: 2) by Opportunist on Saturday October 30, @12:07PM (1 child)

    by Opportunist (5545) on Saturday October 30, @12:07PM (#1191926)

    Back in the good old days, at least malware was still the domain of the assembler and C gurus.

    Today, even that bastion has fallen and even they know jack shit about programming anymore.

    • (Score: 0) by Anonymous Coward on Saturday October 30, @01:12PM

      by Anonymous Coward on Saturday October 30, @01:12PM (#1191938)
      Exactly. Who the fuck needs golang on their system anyway? Waste of space - remove it, same as that abandonware known as emacs.
