Rust-based Ransomware can hit anywhere including Windows, Linux and VMware ESXi

While it’s great for application developers to write applications in a language that runs seamlessly on many different operating systems, there is a downside to the application’s intention. Ransomware has damaged many companies, causing downtime, money, and sleepless nights. Looking into some statistics you can find damage predictions of $265 billion by 2031.

Writing Ransomware software in a development language like Rust opens new ways of attack as it can be easily compiled to work on many different operating systems including hypervisors like VMware ESXi.

fig6-3
source: https://www.uptycs.com/blog/black-basta-ransomware-goes-cross-platform-now-targets-esxi-systems

There is a syndicate called Black Basta that provides ransomware-as-a-service (Raas) that became prominent very quickly by amassing 50 victims within 2 months and is known for cross-platform ransomware development. And that cross-platform ransomware is already becoming a trend.

source: https://thehackernews.com/2022/06/cybersecurity-experts-warn-of-emerging.html

Some researchers warn that “Ransomware remains a big problem for today’s society – as soon as some families come off the stage, others take their place.” It is becoming the biggest global cyber treat.

To avoid being the next victim on the list many countermeasures are required and will help guard against many new problems that will arise over the coming months and year. Here are some general guidelines.

Know your software

An important countermeasure is to have a actively maintained catalog of the software that is running in your data center, computer, and edge device. Having SBOMs (Software Bill of Materials) and active search capabilities over dynamic SBOMs is a great help. Especially for cross-platform ransomware  which typically is delivered as a single binary and the unique checksum disclosed by ransomware researcher or as part of security advisories.

As an example, one version of the ransomware binary hash (or checksum) that can affect Linux and VMware ESXi is 0d6c3de5aebbbe85939d7588150edf7b7bdc712fceb6a83d79e65b6f79bfc2ef.

Having a software platform like Codenotary Trustcenter enables you to simply search for this checksum or any other you are aware of. That way you can find out if you already have that component in your environment or get alerts the moment it is detected somewhere. Of course you can also pro-actively untrust these hashes when you read about it, so your build and/or deployment process don’t even continue when such a checksum appears.

Be aware

The chances of becoming a victim of a ransomware attack are increasing every day. The bad actors are very creative with email campaigns, social engineering or even fake job offers. Having Web Application Firewalls (WAF) in place is very important to protect against exposed software and database vulnerabilities. Antivirus software and vulnerability scanner to detect known threats. Backup and Archiving solutions need to be in place as well – the last resort.

But awareness of every team member in your company or organization is of huge importance.

There is much more to it, but in general – if something looks fishy, don’t open it.

Software Updates

Updating software and operating systems is always a bit risky, but not updating it is even riskier today. If there is an exploit that can be used because of an older version of a library or application, you open the doors for malicious code including ransomware. Log4j is still a very present example and will take a long time before the exploit will stop and the updates are in place.

Permissions, Permissions, Permissions

Many applications can’t do much or limit damage when the permissions are restrictive. The principle of least privilege is key and very important. Don’t open applications with elevated permissions you don’t know and are scanned and approved. Don’t log in as root or use sudo to run applications.

RELATED ARTICLES

Save energy without reducing VM performance in your VMware vSphere cluster
16 August 2022
Over the last couple of decades energy consumption went up massively in every data center and while the…
Dennis
Metrics & Logs support for IoT - Bringing Secure Monitoring and Logging to the Edge
7 July 2022
Simple uptime monitoring for Internet-of-Things (IoT) is well-known and requires knowing if the devices are up and running.…
Dennis
Monitoring Azure SQL Managed Instance with Opvizor Metrics & Logs
17 January 2022
When you have critical applications and business processes that rely on Azure resources, it's critical to keep an…
Dennis

White Paper — Registration

You will receive the research paper by mail.

Codenotary — Webinar

White Paper — Registration

Please let us know where we can send the whitepaper on CodeNotary Trusted Software Supply Chain. 

Become a partner

Start Your Trial

Please enter contact information to receive an email with the virtual appliance download instructions.

Start Free Trial

Please enter contact information to receive an email with the free trial details.

Subscribe to our newsletter