“Both the Linux and ESXi samples are compiled using the same source code with some minor changes from the Windows version,” the Russian firm noted in a report published today.
Advertisements for Luna on darknet forums suggest that the ransomware is intended for use only by Russian-speaking affiliates. Its core developers are also believed to be of Russian origin owing to spelling mistakes in the ransom note hard-coded within the binary.
“Luna confirms the trend for cross-platform ransomware,” the researchers stated, adding how the platform agnostic nature of languages like Golang and Rust are giving the operators the ability to target and attack at scale and evade static analysis.
images from Hacker News