Ransomware - RansomExx2

RansomExx2 (Active)
Aliases
RansomEXX2
Ransom X 2
Decryptor Available
No
Description

For more information, please see the entry on RansomExx.

RansomExx2 is the next iteration of the Defray family of ransomware. As assumed, RansomExx2 is a direct variant of RansomExx and contains similar functionality. This variant is programmed in the Rust programming language and was discovered in mid-November. The first known victim was discovered in 2022. However, it's unknown if this victim was infected with RansomExx or RansomExx2. Based on the website name change in late November to RansomExx2, it's safe to assume the Rust variant. Although, this is not confirmed. Nevertheless, the threat actors are the same.

The only major difference between the original RansomExx and RansomExx2 is the use of Rust programming language. Also, the group changed their website name to RansomExx2, instead of just RansomExx. This indicates the group sought this as the next generation of their ransomware as well. Since the self-named RansomExx2 ransomware differs from the original, all victims posted on their newly named website will appear here and not in the original RansomExx victims table. RansomExx2 victims began December 11, 2022, and everything posted after will be listed here. Everything else prior is in RansomExx.

Ransomware Type
Crypto-Ransomware
HumOR
First Seen
Lineage
Threat Actors
Tipo
Actor
Cybergroup
Sprite Spider
Extortion Types
Direct Extortion
Double Extortion
Encryption
Type
Hybrid
Files
AES-256-ECB
Key
RSA-4096
File Extension
<file name>.<unique to targeted org>
Ransom Note Name
!_WHY_FILES_ARE_ENCRYPTED_!.txt
Ransom Note Image
Samples (SHA-256)
a7ea1e33c548182b8e56e32b547afb4b384ebe257ca0672dbf72569a54408c5c
Industry Sector Paese Extortion Date Amount (USD)
ManufacturingNorway
Distribution & LogisticsIndonesia
LegalItaly
AgricultureUnited States
Construction & ArchitectureItaly
TelecommunicationsTrinidad and Tobago
Banking & FinanceFrance
Construction & ArchitectureQatar
Aerospace & AviationKenya
References & Publications
Security Intelligence: RansomExx upgrades to rust