Select Page

Kaspersky security researchers have disclosed details of a brand-new ransomware family written in Rust, making it the third strain after BlackCat and Hive to use the programming language.

Luna, as it’s called, is “fairly simple” and can run on Windows, Linux, and ESXi systems, with the malware banking on a combination of Curve25519 and AES for encryption.

“Both the Linux and ESXi samples are compiled using the same source code with some minor changes from the Windows version,” the Russian firm noted in a report published today.

Advertisements for Luna on darknet forums suggest that the ransomware is intended for use only by Russian-speaking affiliates. Its core developers are also believed to be of Russian origin owing to spelling mistakes in the ransom note hard-coded within the binary.

“Luna confirms the trend for cross-platform ransomware,” the researchers stated, adding how the platform agnostic nature of languages like Golang and Rust are giving the operators the ability to target and attack at scale and evade static analysis.

images from Hacker News