Modern Ransomware Is Being Written In Rust. (Bad News — It Is Extremely Resilient.) | by Dr. Ashish Bamania | Jan, 2024 | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware

Rust has been the most loved language among developers for almost a decade straight.

Unfortunately (but not surprisingly), Rust is getting popular amongst Cybercriminals as well.

BlackCat, a ransomware group that affected more than 200 organizations just in 2022 is one of the major bad players in the ransomware game.

Let alone infecting machines by itself, it’s offering a RaaS (Ransomware-as-a-Service) affiliate program on the dark web.

And guess what, it is writing its Ransomware in Rust.

Source: BlackCat’s Profile on Socradar

Other groups namely, Hive, Luna, RansomExx, and Agenda are all using Rust in their malicious codebase (the other popular language being Golang).

Source: SentinelOne OverWatch 2022 report

Here are some important reasons why Rust is a popular (and almost ideal) choice for creating malicious software.

Rust code is memory efficient and is less prone to crashing.

There are many reasons for this.

Garbage collection in languages like Java introduces latency due to periodic scanning and cleaning of unused memory.

But this is not the case with Rust.

Rust automatically deallocates memory when a variable goes out of scope. This prevents the need for a garbage collector.

Example of Automatic Memory Deallocation In Rust (Image by author)

Rust also has a unique approach to memory management through its Ownership and Borrowing rules, which help prevent memory leaks.

In Rust, each value has a single owner variable and this ownership can be transferred.


Click Here For The Original Source.

National Cyber Security