"New Luna Ransomware Encrypts Windows, Linux, and ESXi Systems"
Luna, a new ransomware family, can encrypt devices running various operating systems, including Windows, Linux, and ESXi systems. Researchers discovered it through a dark web ransomware forum ad. Luna ransomware appears to be designed specifically for use by Russian-speaking threat actors. Based on the available command line options, Luna seems to be in development and has limited capabilities. It does, however, employ a not-so-common encryption scheme that combines fast and secure X25519 elliptic curve Diffie-Hellman key exchange using Curve25519 with the Advanced Encryption Standard (AES) symmetric encryption algorithm. The group behind this new ransomware created it in Rust and used its platform-agnostic nature to port it to multiple platforms with minimal changes to the source code. Luna ransomware can also avoid automated static code analysis by using the cross-platform language. The new ransomware family confirms a recent trend among cybercrime gangs in developing cross-platform ransomware using programming languages such as Rust and Golang to create malware capable of targeting multiple operating systems with little to no changes. Given that the group was only recently discovered and its activity is still being monitored, the researchers say there is little data on what victims have been encrypted using Luna ransomware. This article continues to discuss the findings regarding the new Luna ransomware.
Bleeping Computer reports "New Luna Ransomware Encrypts Windows, Linux, and ESXi Systems"