A ransomware-as-a-service group has released a new variant of Agenda ransomware, designed to target more companies from different countries. The group has also posted company victims online, threatening to publish private files.
The latest variant of Agenda ransomware was written in Rust programming language, which is different from other recent variants written in Go.
“According to our observations in the past month, the Agenda ransomware’s activities included posting numerous companies on its leak site. The threat actors not only claimed that they were able to breach the servers of these companies but also threatened to publish their files,” Trend Micro wrote in a blog post.
Moreover, the cybercriminal group behind the ransomware posted victim companies from manufacturing and IT companies from around the globe, with combined revenue over US$550 million.
“The actors customized previous ransomware binaries for the intended victim through the use of confidential information such as leaked accounts and unique company IDs as the appended file extension,” Trend Micro added.
The latest Rust variant also uses intermittent encryption, Trend Micro warns is “one of the emerging tactics that threat actors use today for faster encryption and detection evasion.”
According to Trend Micro, ransomware threat actors are increasingly using Rust since it is more difficult to analyze and has a lower detection rate by anti-malware solutions.