posted by janrinok on Thursday July 07 2022, @04:22PM
from the black-cats-creep-across-my-path dept.

Microsoft security researchers have discovered new variants of the one-year-old Hive ransomware that was written in the Go programming language but has been re-written in Rust:

Hive emerged in June 2021 and was spotlighted by the FBI in an alert two months later. In November, European electronics retail giant MediaMarkt also got stung by Hive. It's another ransomware-as-a-service (RaaS) double-extortion gang that has recently been targeting vulnerable Microsoft Exchange Servers, vulnerable RDP servers, compromised VPN credentials, and phishing to deploy their ransomware and steal leak-worthy information.

Hive's Rust migration has been underway for a few months as it adopted lessons from BlackCat ransomware, which is also written in Rust. Via BleepingComputer, Group-IB researchers in March found that Hive had converted its Linux encryptor (for targeting VMware ESXi servers) to Rust to make it harder for security researchers to spy on its ransom talks with victims.

Microsoft's analysis indicates that Hive's Rust rewrite is much more comprehensive, but backs up the importance of the change to its encryption methods noted in March.

[...] "Instead of embedding an encrypted key in each file that it encrypts, it generates two sets of keys in memory, uses them to encrypt files, and then encrypts and writes the sets to the root of the drive it encrypts, both with .key extension," Microsoft notes.


  • (Score: 3, Offtopic) by canopic jug on Thursday July 07 2022, @05:06PM

    by canopic jug (3949) Subscriber Badge on Thursday July 07 2022, @05:06PM (#1258719) Journal

    That's not possible. The CoC does not allow that kind of activity.

    --
    Money is not free speech. Elections should not be auctions.
  • (Score: 4, Funny) by ilsa on Thursday July 07 2022, @06:52PM (9 children)

    by ilsa (6082) Subscriber Badge on Thursday July 07 2022, @06:52PM (#1258741)

    Now if only legitimate software could rise to this level of code quality.

    • (Score: 2) by turgid on Thursday July 07 2022, @07:29PM (8 children)

      by turgid (4318) Subscriber Badge on Thursday July 07 2022, @07:29PM (#1258749) Journal

      I haven't looked at Rust much, but how does it compare to Ada?

      • (Score: 3, Informative) by HiThere on Thursday July 07 2022, @08:18PM (7 children)

        by HiThere (866) on Thursday July 07 2022, @08:18PM (#1258761) Journal

        Rust is a bit easier to use, and the compiler is smaller.

        --
        Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
        • (Score: 0) by Anonymous Coward on Saturday July 09 2022, @05:02PM (6 children)

          by Anonymous Coward on Saturday July 09 2022, @05:02PM (#1259197)

          It may produce smaller binaries, but it currently hogs too much memory to even compile itself on x86 (not x86_64) anymore, which means you need to expect a lot more memory usage as well as build time for something that may offer diminishing returns.

          While a lot of its features appealed to me, losing access to multiple generations of hardware that now require hosted builds is a non-starter for me.

          • (Score: 2) by ilsa on Monday July 11 2022, @12:20PM (5 children)

            by ilsa (6082) Subscriber Badge on Monday July 11 2022, @12:20PM (#1259740)

            Do you have any details on this? Cause this is exactly the opposite of what I understand about Rust. Rust binaries should be similar to, and possibly smaller than, C binaries thanks to the reduced checking code.

            And I can't parse your second paragraph at all. What hosted builds?

            • (Score: 2) by janrinok on Monday July 11 2022, @12:34PM (2 children)

              by janrinok (52) Subscriber Badge on Monday July 11 2022, @12:34PM (#1259745) Journal
              I think the point he was making is that he has some x86 (not x86-64) hardware which is still serviceable and in use for some roles. However, it will not allow the compilation of Rust binaries so they would have to be compiled on x86-64 hardware and then moved across.
              • (Score: 2) by ilsa on Tuesday July 12 2022, @03:22PM (1 child)

                by ilsa (6082) Subscriber Badge on Tuesday July 12 2022, @03:22PM (#1260165)

                If that's the case, they need to look at implementing toolchains in rust. It is entirely possible for rust to cross-compile to a non-x64 target. As a general rule, if you can do it in C, you can do it in Rust.

                • (Score: 2) by janrinok on Tuesday July 12 2022, @03:44PM

                  by janrinok (52) Subscriber Badge on Tuesday July 12 2022, @03:44PM (#1260170) Journal
                  Yes, but he doesn't WANT to cross-compile. He would like to be able to use the x86 hardware to compile x86 code.
            • (Score: 2) by turgid on Tuesday July 12 2022, @08:34PM (1 child)

              by turgid (4318) Subscriber Badge on Tuesday July 12 2022, @08:34PM (#1260275) Journal

              "The compiler is smaller" to me tells me that the compiler itself is simpler and "the binaries are smaller" tells me that the machine code that comes out of the compiler (ie my program turned into binary) is smaller and probably more efficient. It doesn't say that the compiler uses less memory when it is running (doing the compiling). In fact, it kind of implies that the compiler uses more memory because, by implication, it is doing more work.

              • (Score: 2) by ilsa on Thursday July 14 2022, @12:27PM

                by ilsa (6082) Subscriber Badge on Thursday July 14 2022, @12:27PM (#1260783)

                I can't comment on compiler size because I don't know enough either way, but Rust does have some very interesting particularities that, logically, imply why the binaries are smaller.

                Rust is one of the few languages out there (I think someone mentioned Ada being another) that enforces the concept of memory ownership. You can't just change whatever variable you want willy nilly. If you try to modify a variable out of turn, you will get a compiler error. Not a warning, but an outright error.

                Additionally, Rust enforces certain code safety patterns, such as when you are doing a switch statement against a value, you are _required_ to handle against every possible value it can contain. If you don't, it's another compiler error.

                There are other smart things they've done but between those two things above, Rust has completely eliminated entire classes of programming errors, and a large amount of boilerplate runtime checking code that typically needs to be included in the final binary is no longer needed.

                Rust, IMO, is the single most innovative language designed in the last 20 years, and is the critical successor to C that we've been waiting for.
