Aiming at domestic government and enterprises! Deeply revealed ransomware operator Rast gang

Description

A new ransomware threat, dubbed Rast, has emerged targeting Chinese government and enterprises since December 2023. Written in Rust, Rast has infected over 6,800 terminals, successfully encrypting more than 5,700. The Rast gang, named after the ransomware, operates primarily between 20:00 and 05:00, suggesting a European base. Their attack method involves RDP brute-forcing and exploiting Nday vulnerabilities to access border servers, followed by manual deployment of ransomware components. The gang's tactics are reminiscent of operators distributing Buran, GlobeImposter, Phobos, and GandCrab ransomware. Rast ransomware has evolved through three versions, with the latest requiring manual operation via a console interface. Victim information is uploaded to a MySQL database, revealing a wide range of affected sectors including government, finance, and various industries.