Inside Akira Ransomware's Rust Experiment

SUMMARY :

Check Point Research analyzed the Rust version of Akira ransomware that targeted ESXi servers in early 2024. The malware's complex assembly is attributed to Rust idioms, boilerplate code, and compiler strategies. The analysis reveals the ransomware's use of the seahorse CLI framework, indicatif library for progress reporting, and a hybrid encryption approach using curve25519 and SOSEMANUK. The malware's default behavior targets ESXi VMs, but it can also function as general-purpose Linux ransomware. The study highlights the challenges in reverse-engineering Rust binaries due to aggressive inlining and optimization, emphasizing the need for advanced tooling to identify spliced inline code.

OPENCTI LABELS :

ransomware,rust,akira


Open in NetmanageIT OpenCTI Public Instance with below link!


Use public read only username and password on login page.

NOTE : Use Public READ only user credentials on login page banner.


Inside Akira Ransomware's Rust Experiment