AI Detection Lessons from 01flip Rust Ransomware

01flip is a good reminder that “new” ransomware doesn’t need exotic tricks to hurt you. It just needs reach.

Unit 42 observed 01flip in 2025 targeting a small set of organizations in Asia-Pacific, including critical infrastructure. The interesting part isn’t a fancy encryption scheme or a sophisticated packer. It’s that the malware is fully written in Rust and shows up as both Windows and Linux variants with highly similar functionality—suggesting a single codebase compiled across platforms.

For teams following our AI in Cybersecurity series, 01flip is a clean case study: modern ransomware is betting on defenders being siloed (Windows team here, Linux team there) and on analysts burning time reversing increasingly complex binaries. AI-powered cybersecurity flips that advantage by focusing on behaviors, relationships, and anomalies across the whole environment—fast.

What 01flip tells us about ransomware in 2025

01flip’s main signal is this: ransomware operators want consistent execution across heterogeneous estates (Windows endpoints, Linux servers, mixed workloads). If you’re still treating ransomware as a “Windows problem,” you’re already behind.

Unit 42 tracked this activity as CL-CRI-1036 and noted a limited victim set so far. That “limited” label is exactly when organizations tend to underreact. I don’t love that habit. Early-stage ransomware families are where you can still win cheaply—by fixing exposed services, patching old holes, and tightening identity paths—before they get productized.

Why Rust matters (and why it doesn’t)

Rust matters because it makes multi-platform development easier and reverse engineering harder. Rust binaries often include patterns and compiler artifacts that produce more complex assembly than many analysts are used to.

Rust doesn’t matter because defenders shouldn’t be relying on reverse engineering alone to stop ransomware. You stop ransomware by catching:

• The initial access attempt and tooling
• The lateral movement pattern
• The encryption behavior and file-renaming spree
• The cleanup/self-delete behavior that follows

Those are detection and response problems—perfect territory for AI threat detection that correlates signals across endpoints, identity, network, and cloud.

How 01flip likely got in: old CVEs, real consequences

Unit 42 observed exploit attempts against older vulnerabilities such as CVE-2019-11580 against an internet-facing app, starting in April 2025. That detail should land with a thud: 2019 is ancient in patch-time.

The takeaway: ransomware campaigns still succeed with a depressingly familiar playbook.

Initial access isn’t “mysterious”—it’s usually visible

Even when investigators can’t prove the exact successful step, the footprint is typically there:

• Bursts of exploit traffic to a public-facing service
• Login attempts from unusual geographies
• New processes on servers that shouldn’t run “admin tooling”
• Suspicious outbound connections shortly after exploitation

This is where AI-based anomaly detection earns its keep. Traditional rules can catch some of this, but attackers vary timing, infrastructure, and parameters. AI models can prioritize what matters: unusual sequences, unusual combinations, and unusual relationships.

Post-exploitation: Sliver + hands-on keyboard is the real story

01flip itself is straightforward. The scarier part is what happens before encryption.

Unit 42 reported the attackers used Sliver (a legitimate, publicly available adversary emulation framework written in Go) as part of post-compromise activity, including a TCP pivot implant for lateral movement.

This is a pattern I’ve seen repeatedly: ransomware crews don’t need custom malware everywhere. They use legit-ish tooling (or dual-use frameworks) to move, dump creds, and stage the environment. Then they drop ransomware broadly.

What defenders should assume happened (and instrument for)

Unit 42 notes it’s “highly likely” the threat actors performed activities such as reconnaissance, credential dumping, and lateral movement. That’s not hand-waving; it’s operational reality.

You should instrument and hunt for:

• Credential access: LSASS access attempts, credential-file reads, abnormal sudo patterns on Linux
• Lateral movement: remote service creation, SMB/WinRM bursts, SSH fan-out from a single host
• Privilege escalation: new admin group membership, new SUID binaries, unusual token privileges

AI helps by clustering these behaviors into a single incident story: this host exploited the perimeter app → spawned a beacon → pivoted → authenticated to many systems → executed ransomware. That narrative is what speeds containment.

What 01flip actually does on hosts (and how to catch it fast)

01flip’s functionality is not subtle:

1. Enumerates drives (e.g., A: to Z:)
2. Drops ransom notes (RECOVER-YOUR-FILE.TXT) in writable directories
3. Renames files using: <ORIGINAL_FILENAME>.<UNIQUE_ID>.<0 or 1>.01flip
4. Encrypts files using AES-128-CBC with a session key protected by RSA-2048
5. Attempts to delete/overwrite itself

These are high-signal behaviors. Your biggest risk is not “can we detect this?” It’s “will we detect it before it encrypts enough to become existential?”

Defense evasion tricks: low-level calls and encoded strings

Unit 42 observed two notable evasion moves:

• Use of low-level APIs / system calls to blend into normal OS behavior
• Encoding of user-defined strings (ransom note content, extension list, RSA public key), decoded at runtime with a simple per-two-byte subtraction routine

This isn’t stealth like a nation-state rootkit. It’s closer to “reduce obvious signatures.”

AI-powered endpoint protection can still win here because the behavioral footprint remains loud:

• Rapid open/write/rename loops across many directories
• New ransom note file creation in many locations
• Spike in file entropy changes and write patterns consistent with encryption

Anti-sandbox quirk: filename checks

Some samples reportedly check whether the filename contains 01flip. If it does, the ransomware proceeds to indicator removal without encrypting.

For defenders, that’s a useful reminder: detonation in a sandbox isn’t a guarantee. AI-driven detection should not depend on “did it encrypt in the sandbox?” It should ask “is it exhibiting the sequence of behaviors that precedes encryption?”

The multi-platform problem: ransomware doesn’t respect your org chart

01flip has both Windows and Linux variants with mostly identical dependencies and behavior. That’s operationally important:

• Linux encryption hits file servers, app servers, and potentially critical workloads
• Windows encryption hits endpoints and shared drives
• Mixed environments increase blast radius because access paths often bridge the two

If your ransomware plan is “restore Windows endpoints,” but your Linux fleet (or NAS, or hypervisor-adjacent storage) is unprepared, you’re planning for a partial incident.

AI detection across platforms: what “good” looks like

A practical, AI-assisted detection posture for multi-platform ransomware includes:

• Cross-platform entity correlation: one identity authenticating to both Windows SMB and Linux SSH paths abnormally
• Graph-based movement detection: a newly compromised host becomes a hub (sudden fan-out)
• Ransomware behavior detectors: encryption-rate thresholds, rename-pattern detection, ransom note spray
• Automated containment: isolate host, disable token/session, block C2, snapshot key servers

The goal is simple: stop the spread when it’s still a cluster of anomalies, not a full-blown outage.

Data leak pressure is evolving—even when the ransomware can’t exfiltrate

Unit 42 noted an alleged data leak posted on a dark web forum shortly after the attack, even though 01flip itself cannot exfiltrate data.

That’s a key nuance. Ransomware operations can be modular:

• Tool A: initial access and persistence
• Tool B: credential theft and lateral movement
• Tool C: exfiltration
• Tool D: encryption and extortion note

So when a ransomware binary lacks exfiltration features, it doesn’t mean you’re safe from double extortion. It can simply mean exfiltration happened earlier with other tooling.

AI-assisted threat hunting helps here by reconstructing the full chain—especially outbound transfers, unusual archive creation, and long-lived sessions from service accounts.

A practical response plan for 01flip-style ransomware (with AI in the loop)

If you want a plan that works against 01flip and the next five families that copy its playbook, focus on speed and breadth.

1) Reduce initial access (the boring part that works)

• Patch internet-facing apps aggressively; don’t tolerate “we’ll do it next quarter”
• Inventory exposed services continuously (attack surface management)
• Enforce MFA and conditional access for admin portals

2) Treat Sliver-like frameworks as a high-priority signal

• Alert on suspicious beacons, unexpected listeners, and pivot-like network patterns
• Baseline “normal admin tooling” per server role; anything outside that is suspect

3) Detect encryption early with behavior-first controls

• Watch for mass file operations: open/write/rename spikes
• Detect specific rename patterns (like .01flip) but don’t rely on them
• Use AI models that combine file I/O, process lineage, and user context

4) Automate the first 5 minutes

The first 5 minutes decide whether this is “an incident” or “a disaster.” Your AI security automation should be able to:

• Isolate affected endpoints/servers
• Kill the parent process tree
• Revoke tokens / disable accounts used in lateral movement
• Block known C2 infrastructure and suspicious egress

5) Validate recovery assumptions now (before the holiday outage)

It’s December 2025. Many orgs are running with thin staffing, change freezes, and end-of-year deadlines. Ransomware crews know that.

Run a short tabletop that answers:

• Can we restore Linux workloads as confidently as Windows?
• Do we have offline/immutable backups that ransomware can’t reach?
• How fast can we rotate credentials across shared admin paths?

A ransomware plan that only works when everyone’s online and calm isn’t a plan.

Where AI in cybersecurity fits—and where it doesn’t

AI won’t replace patching, segmentation, or backups. If your basics are weak, AI becomes an expensive alert generator.

AI does shine when the attacker chain spans platforms and tools:

• It correlates weak signals into a strong story.
• It prioritizes what matters under time pressure.
• It automates containment steps consistently.

That’s exactly the environment 01flip was built for: mixed estates, manual operators, rapid distribution, and cleanup to slow responders down.

If you’re building your 2026 security roadmap, treat 01flip as your prompt: multi-platform ransomware is normal now. The teams that win are the ones that can detect and respond across Windows and Linux with the same speed—and that usually means AI-powered security operations backed by solid fundamentals.

What would your SOC do if a single compromised Linux server started authenticating into both your Windows shares and your production Linux fleet in the next 10 minutes—and your on-call engineer is already juggling holiday coverage?