Microsoft security researchers discover new variants of the Hive ransomware

Microsoft security researchers have discovered new variants of the one-year-old Hive ransomware, which was originally written in Go but has since been rewritten in Rust.

Hive first appeared in June 2021, and the FBI issued an alert two months later.

Another double-extortion gang has been targeting vulnerable Microsoft Exchange Servers via ransomware-as-a-service (RaaS).

Hive’s Rust migration has been ongoing for several months, as it has learned from the BlackCat ransomware, which is also written in Rust.

Microsoft discovered that the new ransom note used in older versions of Hive is more difficult to decipher. VMs should not be deleted or reinstalled.

The ransom note instructs victims that there will be nothing to decrypt. According to Microsoft, the most intriguing change to Hive was the new cryptography mechanism.