These are a couple of Yara rules that I wrote for detecting RansomExx, a linux-based ransomware.
Usage: $yara ransomexx.yar -path-to-dir-to-be-scanned
Get it from Github
author = "Vishal Thakur - malienist.medium.com"
date = "2021-11-30"
version = "1"
description = "Detects RansomExx Linux Ransomware"
info = "Generated from information extracted from the malware sample…