According to cybersecurity reports, a new variant of the recently emerged Agenda ransomware has surfaced, written in the Rust programming language and specifically designed to target critical infrastructure. This new Agenda variant is concerning to security experts because of its ability to cause significant disruption and damage to critical infrastructure.
New Agenda Ransomware Uses the Rust Language
The new Agenda ransomware variant is written in Rust, a relatively new programming language created by the Mozilla Foundation. Rust is known for its security features, including memory safety and data-race prevention. These features make it difficult for attackers to exploit Rust-based applications and make it a popular choice for creating secure applications.
This Agenda ransomware variant is designed to target critical infrastructure, such as power plants, water systems, and other vital services. It is believed that the ransomware was created by a group of cybercriminals called the Agar Group, most likely tied to Russia and linked to several high-profile ransomware attacks in the past.
“Recently, we found a sample of the Agenda ransomware written in Rust language and detected as Ransom.Win32.AGENDA.THIAFBB. Notably, the same ransomware, originally written in Go language, was known for targeting healthcare and education sectors in countries like Thailand and Indonesia,” Trend Micro researchers said.
The ransomware authors customized previous ransomware binaries for the intended victim through the use of confidential information, including leaked accounts and unique company IDs as the appended file extension. “The Rust variant has also been seen using intermittent encryption, one of the emerging tactics that threat actors use today for faster encryption and detection evasion,” the researchers added.
Rust Language in the Past Year
In December 2021, Recorded Future and MalwareHunterTeam detected the first ransomware-as-a-service player using Rust on two underground forums. Known as ALPHV and BlackCat, the group is the first ransomware-as-a-service operation to use Rust, although its strain was in fact the third to be coded entirely in Rust, as the other two were experimental.
Notably, a month later, in January 2022, a high-severity vulnerability in the Rust programming language was reported. The flaw could be exploited to purge files and directories from an exposed system without the need for authorization.