According to ESET, a Slovak internet security company that provides anti-virus and firewall products, Hive ransomware’s new encryption tools are currently at the development stage and still lack functionality.
During ESET’s investigation, the Linux version also proved to be highly problematic, with encryption malfunctioning when the virus was run with an exact path.
It also supports a single command line parameter (-no-wipe). Hive’s Windows ransomware, on the other hand, has up to five execution options, including ending processes and skipping disk cleaning, as well as ignoring uninteresting files and older documents.
As explained by BleepingComputer, the ransomware’s Linux variant also fails to encrypt when performed without root privileges because it tries to drop the ransom note on damaged devices’ root file systems.
Just like the Windows version, these variants are written in Golang, but the strings, package names and function names have been obfuscated, likely with gobfuscate.
First noticed in June 2021, Hive ransomware has already impacted over 30 companies, counting only those that failed to pay the requested ransom. According to the FBI, the Hive