Ransomware - Nokoyawa 1.1

Nokoyawa 1.1
Aliases: Nokonoko, Shmokoshmoko
Decryptor Available: No
Description


For more information, please see the entry on Nokoyawa.

This ransomware is, as the name suggests, a variant of Nokoyawa, which was first discovered in early 2022. It isn't the only variant: Nokoyawa 2.0 was discovered before Nokoyawa 1.1, in September 2022, while 1.1 was discovered in February 2023. The version numbers therefore don't reflect discovery order. Instead, they reflect the codebase: Nokoyawa 1.1 is written in C/C++, whereas the 2.0 version evolved from C/C++ to Rust. It's believed that the two lines of Nokoyawa were developed concurrently.

The primary difference between the original Nokoyawa and the 1.1 version is that the encryption routine is hardcoded in the original, whereas Nokoyawa 1.1 requires the operator to supply a custom command line. In other words, the original Nokoyawa only required the operator to run the executable (with optional parameters), while this version requires command-line arguments. The other obvious difference is the programming language: C/C++ and Rust, respectively.

These command-line options allow the operator to set a custom file extension and ransom note and to select which files are to be encrypted. This mirrors the behaviour of Ransomware-as-a-Service (RaaS) offerings and custom builders, which let operators customize their payloads. However, there is no evidence that the Nokoyawa creators offered RaaS capabilities until later iterations of this ransomware; see the Nevada ransomware entry for information on that.
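As an added example that is not part of this entry (my own code, not Nokoyawa's), the following Python script scans a directory tree for the two file-system artefacts this entry lists, files renamed with the .AWAYOKON extension and the AWAYOKON-readme.txt note, and counts encrypted files per directory so a responder can size the incident. The sample tree is constructed in a temporary directory; the file names in it are made up.

```python
import os
import tempfile
from collections import Counter

ENCRYPTED_EXT = ".AWAYOKON"          # extension appended to encrypted files
RANSOM_NOTE = "AWAYOKON-readme.txt"  # note dropped in affected directories


def scan_tree(root):
    """Walk root and return (encrypted_paths, note_paths, per_dir_counts).

    per_dir_counts maps each directory to the number of encrypted files in
    it, which is what a responder needs to size the blast radius.
    """
    encrypted, notes, per_dir = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower().endswith(ENCRYPTED_EXT.lower()):
                encrypted.append(path)
                per_dir[dirpath] += 1
            elif name == RANSOM_NOTE:
                notes.append(path)
    return encrypted, notes, per_dir


def build_sample_tree():
    """Construct a throwaway tree mimicking a partially encrypted share."""
    root = tempfile.mkdtemp(prefix="nokoyawa_demo_")
    layout = {  # constructed sample data, not real victim files
        "finance/q1.xlsx.AWAYOKON": b"",
        "finance/q2.xlsx.AWAYOKON": b"",
        "finance/AWAYOKON-readme.txt": b"constructed note",
        "hr/policy.docx": b"untouched",
        "hr/AWAYOKON-readme.txt": b"constructed note",
    }
    for rel, data in layout.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)
    return root


if __name__ == "__main__":
    enc, notes, per_dir = scan_tree(build_sample_tree())
    print(f"{len(enc)} encrypted files, {len(notes)} ransom notes")
    for d, n in per_dir.most_common():
        print(f"  {n:3d}  {d}")
```

Point `scan_tree` at a mounted share or evidence image to get the same per-directory counts for a real case.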

Ransom note pictures derived from The DFIR Report

Ransomware Type: Crypto-Ransomware, HumOR (human-operated ransomware)
Country of Origin: Russia
First Seen:
Last Seen:
Lineage:
Extortion Types: Direct Extortion, Double Extortion
Extortion Amounts: 10.02 BTC ($200,000)
Encryption Type: Hybrid
Encryption (Files): Salsa20
Encryption (Key): SECT233R1
File Extension: <file name>.AWAYOKON
Ransom Note Name: AWAYOKON-readme.txt
Ransom Note Image:
Samples (SHA-256):
3339ba53e1f05f91dbe907d187489dbaba6c801f7af6fd06521f3ba8c484ec6c
3c9f4145e310f616bd5e36ca177a3f370edc13cf2d54bb87fe99972ecf3f09b4