Ransomware - Nokoyawa 2.0

Nokoyawa 2.0
Decryptor Available
Yes
Description

For more information, please see the entry on Nokoyawa.

The 2.0 version of the Nokoyawa ransomware family is written in Rust, a first for this family. It also requires the ransomware operator to supply command line arguments when executing the encryptor; without them, it will not run. Furthermore, a specific Base64-encoded configuration file must be passed as an argument. This configuration includes options to customize the ransom note name, its contents, and the custom file extension appended to encrypted files.

Another notable change is a newer elliptic curve for the asymmetric part of the encryption scheme, used in combination with Salsa20 for file encryption. Nokoyawa and Nokoyawa 1.1 both used ECC-SECT233R1, while Nokoyawa 2.0 and Nevada (Nokoyawa 2.1) both use ECC-X25519. Even though the ransomware authors chose secure encryption algorithms, their implementations contain flaws that allowed researchers from Zscaler to create a decryptor. However, the Curve25519 private key is still required for decryption.

Oddly enough, Nokoyawa 2.0 samples discovered in the wild have compile timestamps earlier than Nokoyawa 1.1 and the same as Nevada. This likely means that the ransomware authors were developing multiple versions of Nokoyawa in parallel. The versions differ in command line handling, encryption algorithms, the switch to Rust, and the rename to Nevada.

Ransom note pictures derived from Securelist and Zscaler

Ransomware Type
Crypto-Ransomware
HumOR
Country of Origin
Ukraine
First Seen
Last Seen
Lineage
Extortion Types
Direct Extortion
Double Extortion
Encryption
Type
Hybrid
Files
Salsa20
Key
ECC-X25519
File Extension
<file name>.<custom extension>
Ransom Note Name
<custom file name>
Samples (SHA-256)