For more information, please see the entry on RansomExx.
RansomExx2 is the next iteration of the Defray family of ransomware. As assumed, RansomExx2 is a direct variant of RansomExx and contains similar functionality. This variant is programmed in the Rust programming language and was discovered in mid-November. The first known victim was discovered in 2022. However, it's unknown if this victim was infected with RansomExx or RansomExx2. Based on the website name change in late November to RansomExx2, it's safe to assume the Rust variant. Although, this is not confirmed. Nevertheless, the threat actors are the same.
The only major difference between the original RansomExx and RansomExx2 is the use of Rust programming language. Also, the group changed their website name to RansomExx2, instead of just RansomExx. This indicates the group sought this as the next generation of their ransomware as well. Since the self-named RansomExx2 ransomware differs from the original, all victims posted on their newly named website will appear here and not in the original RansomExx victims table. RansomExx2 victims began December 11, 2022, and everything posted after will be listed here. Everything else prior is in RansomExx.
Known Victims(9)
| Industry Sector | Country | Extortion Date | Amount (USD) |
|---|---|---|---|
| Manufacturing | Norway | ||
| Distribution & Logistics | Indonesia | ||
| Legal | Italy | ||
| Agriculture | United States | ||
| Construction & Architecture | Italy | ||
| Telecommunications | Trinidad and Tobago | ||
| Banking & Finance | France | ||
| Construction & Architecture | Qatar | ||
| Aerospace & Aviation | Kenya |