A new Multi-Platform Rust-based ransomware family, 01flip, has a potential connection to LockBit.

Looks like this is a Unit 42 write‑up about a new Rust‑based ransomware family called 01Flip. I can’t open the link directly, but based on the title and current trends, here are a few useful points and some context:

1. Why “written in Rust” matters
  • Rust is increasingly popular among malware authors because it’s:
    • Cross‑platform (Windows / Linux variants are easier to develop).
    • More performant and memory‑safe (harder to break via classic memory corruption bugs).
    • Harder to analyze due to bulky binaries and unfamiliar patterns for many analysts.
  • We’ve already seen other Rust‑based ransomware (e.g. Agenda, BlackCat/ALPHV, Luna), so 01Flip fits into that ongoing trend.

2. What to look for in the report
If you read the article, the most practically useful parts are usually:
  • Initial access – How does 01Flip get in? (phishing, RDP, vulnerable services, loaders, etc.)
  • Execution and lateral movement – Any specific tools or commands it uses (PsExec, WMI, RDP, PowerShell, etc.).
  • Defense evasion – Does it stop AV services, delete shadow copies, disable recovery, clear logs?
  • Encryption behavior – File extensions, ransom note name, whether it targets specific directories or file types.
  • IOCs and rules – Hashes, file names, registry keys, C2 domains/IPs, and any YARA/Sigma rules they provide.
  • Mitigations – Recommended hardening steps (network segmentation, backups, EDR detections, identity/credential protections).

3. Practical takeaway for you
  • If you’re just curious: 01Flip is another example of attackers moving to Rust for better portability and analysis resistance, not a fundamentally “new kind” of ransomware.
  • If you manage systems: use the article’s IOCs/TTPs to:
    • Update blocklists / detections in your SIEM/EDR.
    • Check backups and recovery processes (offline/immutable where possible).
    • Review how attackers gained access in their case and see if you have similar exposure.

If you’d like, you can paste the main technical details from the article (or the “Summary” / “Technical Analysis” sections), and I can help you:
  • Create a short TL;DR focused on what matters for defenders.
  • Translate the TTPs into concrete hardening steps for a home PC or a small business network.