New variants of the Hive ransomware, written in Go, have been discovered targeting Linux and FreeBSD systems.

What's new?

Researchers highlighted several observations suggesting that these variants are buggy and still under development.
  • When the Linux variant is executed with an explicit path, encryption does not run properly because of a bug.
  • The Linux variant also fails to initialize encryption unless it is run as root, so on a host where the sample cannot obtain root privileges it currently causes no damage.
  • Both the Linux and FreeBSD variants accept only one command-line parameter (-no-wipe), whereas the Windows variant offers five execution options.
  • ESET researchers assess that the encryption routine in these variants is still under development.

A brief about the Hive gang

Hive has been operating as a ransomware-as-a-service since June.
  • The group is known for gaining initial access through phishing emails with malicious attachments. Once inside a victim network, it uses RDP to move laterally.
  • The ransomware enumerates processes related to backups, antivirus and anti-spyware and terminates them.
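Two of the behaviours described above, the single -no-wipe switch and the termination of backup and antivirus processes, are cheap to hunt for in process telemetry from Linux and FreeBSD hosts. The following is an added example written for this page, not code from the original article or from ESET. The event layout (one dict per exec or signal event), the list of protected process names and the sample events are all assumptions constructed for the example; map them onto whatever your EDR or auditd pipeline actually emits.

```python
"""Hunt for Hive-like behaviour in process telemetry (added example).

Rules implemented:
  1. hive_nowipe_arg        - a process launched with the "-no-wipe" switch,
                              the only parameter the Linux/FreeBSD builds accept
  2. protected_process_kill - SIGTERM/SIGKILL sent to a backup or AV process
  3. mass_kill_protected    - one process terminating two or more distinct
                              protected processes (emitted once, on the second)
"""
from dataclasses import dataclass

# Assumed list of backup/AV daemons worth protecting; extend for your estate.
PROTECTED_COMM = {"veeamagent", "bareos-fd", "amandad", "clamd", "freshclam"}
TERMINATE_SIGNALS = {9, 15}  # SIGKILL, SIGTERM


@dataclass(frozen=True)
class Finding:
    host: str
    pid: int
    rule: str
    detail: str


def check_exec(ev):
    """Flag an exec event whose arguments contain the -no-wipe switch.
    argv[0] is skipped so a binary merely named '-no-wipe' is not matched."""
    argv = ev.get("argv", [])
    if "-no-wipe" in argv[1:]:
        # The Linux build only encrypts as root, so uid=0 raises the concern.
        return Finding(ev["host"], ev["pid"], "hive_nowipe_arg",
                       f"{' '.join(argv)} (uid={ev.get('uid')})")
    return None


def check_signal(ev):
    """Flag a termination signal aimed at a protected backup/AV process."""
    if ev.get("sig") in TERMINATE_SIGNALS and ev.get("target_comm") in PROTECTED_COMM:
        return Finding(ev["host"], ev["pid"], "protected_process_kill",
                       f"sig {ev['sig']} -> {ev['target_comm']}")
    return None


def hunt(events):
    """Run both checks over a list of events and correlate kills per process."""
    findings = []
    kills_by_pid = {}  # (host, pid) -> set of protected targets it signalled
    for ev in events:
        if ev["type"] == "exec":
            f = check_exec(ev)
            if f:
                findings.append(f)
        elif ev["type"] == "signal":
            f = check_signal(ev)
            if f:
                findings.append(f)
                targets = kills_by_pid.setdefault((ev["host"], ev["pid"]), set())
                targets.add(ev["target_comm"])
                if len(targets) == 2:
                    findings.append(Finding(ev["host"], ev["pid"], "mass_kill_protected",
                                            "terminated " + ", ".join(sorted(targets))))
    return findings


# Constructed sample telemetry (not real captured data).
SAMPLE_EVENTS = [
    {"type": "exec", "host": "lnx-fs01", "pid": 4211, "uid": 0,
     "argv": ["/tmp/.x/encr", "-no-wipe"]},
    {"type": "signal", "host": "lnx-fs01", "pid": 4211, "sig": 15, "target_comm": "veeamagent"},
    {"type": "signal", "host": "lnx-fs01", "pid": 4211, "sig": 9, "target_comm": "clamd"},
    {"type": "exec", "host": "lnx-fs01", "pid": 512, "uid": 1000,
     "argv": ["/usr/bin/rsync", "-a", "/src", "/dst"]},  # benign, not flagged
    {"type": "signal", "host": "lnx-fs01", "pid": 900, "sig": 15, "target_comm": "clamd"},
]

if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS):
        print(f"{finding.host} pid={finding.pid} {finding.rule}: {finding.detail}")
```

A single administrator stopping clamd (pid 900 above) still produces a protected_process_kill finding, which is deliberate: the per-pid correlation in mass_kill_protected is what separates routine service restarts from a process that walks the process list killing everything that could interfere with encryption.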

Ending notes

Researchers pointed out that Linux servers and VMware ESXi hosts have recently become popular targets for several ransomware operators; HelloKitty, REvil, BlackMatter and others have followed this trend. The Linux and FreeBSD variants of Hive indicate that its developers are actively investing in further development of the malware.

Cyware Publisher