A new Hive ransomware version written in Go has been created for Linux and FreeBSD operating systems.
Researchers highlighted several signs that these variants are still in development and testing. In the Linux variant, encryption fails because of a bug when the malware is started with an explicit path. The Linux version also fails to start encryption when it is not run with root access. In addition, the Linux and FreeBSD implementations accept just one command-line parameter (-no-wipe), whereas the equivalent Windows variant supports five execution options. According to the ESET researchers who discovered the new variants, the encryption is believed to be still in the works.
Hive has been providing ransomware as a service since June. The gang is well known for using phishing emails with malicious attachments to obtain access to victims' networks. Once inside, they use RDP to move laterally across the network. The ransomware targets and stops processes connected to backups, antivirus, and anti-spyware.
According to the researchers, Linux (particularly ESXi instances) has recently been a favoured target for various ransomware operators. HelloKitty, REvil, BlackMatter, and others have picked up on this trend. The discovery of Linux and FreeBSD versions of Hive ransomware further suggests that Hive's developers are actively investing in the malware's future development.