Luna Ransomware Encrypts Windows, Linux and ESXi systems

Each day, there are new reports about ransomware. Malware attacks have surged in recent years, prompting an increase in defensive technologies to combat the problem. In order to evade detection by cybersecurity radar, fresh samples are introducing new methodologies, more sophistication, and anti-detection strategies. 

One of the most recent instances is the Luna ransomware attack, which Kaspersky just reported. The malware was reportedly being developed by Russian actors before it was found in June 2022 on dark web forums. The commercial claims that Luna only collaborates with affiliates who speak Russian. The Kaspersky research team also notes that the ransom text, which is hardcoded into the program, has typos. 

As with other notable ransomware families like Hive and BlackCat, Luna is written in Rust – the programming language which enables cross-platform development. Also, it offered the attackers a number of advantages from a detection standpoint. A few of them are listed here: 

Encryption process 

According to Kaspersky, the Luna ransomware employs an uncommon encryption scheme, combining the Advanced Encryption Standard (AES) symmetric encryption technique with the quick and secure X25519 elliptic curve Diffie-Hellman key exchange utilizing Curve25519. All encrypted files have the’.luna’extension added during the encryption process, although the ransomware features are still in the works. A significant finding from the analysis is that Luna’s source code appears to have been written in Russian.  To support the prior statement, the ransomware notes are written in American English with some grammatical errors that indicate an automatic translation from a different language.