New Luna Ransomware Targets Windows, Linux, and ESXi Systems

Security researchers reported the discovery of a new cross-platform ransomware strain coded to target Windows, Linux, and ESXi systems.

Meet the New Cross-Platform Luna Ransomware

Discovered by Kaspersky’s Darknet Threat Intelligence monitoring system, Luna is advertised on a darknet ransomware forum. The malware is written in Rust and is “fairly simple” judging by the available command line options. However, its encryption scheme is unusual: it uses x25519 together with AES, a combination not often encountered in ransomware campaigns.

“Both the Linux and ESXi samples are compiled using the same source code with some minor changes from the Windows version. For example, if the Linux samples are executed without command line arguments, they will not run. Instead, they will display available arguments that can be used,” Kaspersky said.

According to the darknet forum advertisement, Luna currently works only with Russian-speaking affiliates, and the researchers believe that the ransomware creators are also Russian.

The emergence of this new ransomware confirms the trend toward cross-platform malware and ransomware, as well as the use of languages such as Golang and Rust. Another example is the BlackCat ransomware discovered last winter. The BlackCat group was the first to use Rust in a malicious sample that was used in the wild.

Another example of ransomware that targets more than one operating system is HelloXD, which has been carrying out double extortion attacks since November 2021.

HelloXD has multiple variants that impact both Windows and Linux systems. What distinguishes it from other, similar ransomware families is that it doesn’t feature a leak site. Instead, it redirects victims to negotiate via Tox chat (Tox is a p2p instant messaging protocol also used by other ransomware) and onion-based messengers.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
