Luna Ransomware Encrypts Windows, Linux and ESXi systems

12 Sep, 2022 | Ransomware


New ransomware reports appear every day. Malware attacks have surged in recent years, prompting a matching increase in defensive technologies. To stay off the cybersecurity radar, fresh samples keep introducing new methods, more sophistication, and anti-detection techniques. 

One of the most recent examples is the Luna ransomware, which Kaspersky recently reported. The malware was reportedly being developed by Russian actors before it was found in June 2022 on dark web forums, where its advertisement claims that Luna only works with Russian-speaking affiliates. The Kaspersky research team also notes that the ransom note, which is hardcoded into the program, contains typos. 

As with other notable ransomware families such as Hive and BlackCat, Luna is written in Rust, a programming language that enables cross-platform development. Rust also gives the attackers a number of advantages from a detection standpoint. A few of them are listed here: 

Encryption process 

According to Kaspersky, the Luna ransomware employs an uncommon encryption scheme, combining the Advanced Encryption Standard (AES) symmetric cipher with the fast and secure X25519 elliptic-curve Diffie-Hellman key exchange over Curve25519. Every encrypted file receives the '.luna' extension, although the ransomware's feature set still appears to be under development. A significant finding from the analysis is that Luna's source code appears to have been written in Russian. Supporting this, the ransom notes are written in American English with grammatical errors that point to automatic translation from another language. 
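The scheme described above, as an added Go example that is not Luna's code: each call generates a fresh ephemeral X25519 key pair, agrees a shared secret with the key holder's public key, hashes it into an AES-256-GCM key and discards the ephemeral private key. The function names, the "luna-demo-v1" label and the header layout are assumptions for this demo; the point for responders is visible in Open, where only the long-term private key matching the public key embedded in the sample can recompute the AES key, so there is no per-file key left on the host to recover.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// aeadFrom runs X25519 between priv and pub and hashes the shared secret into a 256-bit AES-GCM key.
func aeadFrom(priv *ecdh.PrivateKey, pub *ecdh.PublicKey) (cipher.AEAD, error) {
	shared, err := priv.ECDH(pub) // rejects low-order points with an error
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(append([]byte("luna-demo-v1"), shared...)) // label constructed for this demo
	block, _ := aes.NewCipher(key[:])                                 // a 32-byte key cannot fail here
	return cipher.NewGCM(block)
}

// Seal encrypts data for the holder of recipientPub with a fresh ephemeral X25519 key whose
// private half is dropped once the secret is derived. Layout: ephemeral pub (32) | nonce (12) | ct+tag.
func Seal(recipientPub *ecdh.PublicKey, data []byte) ([]byte, error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	aead, err := aeadFrom(eph, recipientPub)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	rand.Read(nonce) // crypto/rand.Read never returns an error in current Go
	return aead.Seal(append(eph.PublicKey().Bytes(), nonce...), nonce, data, nil), nil
}

// Open redoes the exchange with the recipient's long-term private key and the stored ephemeral
// public key; any other private key derives a different AES key and fails the GCM tag check.
func Open(recipientPriv *ecdh.PrivateKey, blob []byte) ([]byte, error) {
	if len(blob) < 32+12 { // need at least the public key and the nonce
		return nil, errors.New("ciphertext too short")
	}
	ephPub, _ := ecdh.X25519().NewPublicKey(blob[:32]) // exactly 32 bytes: cannot fail
	aead, err := aeadFrom(recipientPriv, ephPub)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, blob[32:44], blob[44:], nil)
}
```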


Luna ransomware – What you need to know!

The ransomware landscape shows a clear trend toward less common languages such as Rust and Golang. Luna is a perfect example: it was developed to cause the maximum amount of damage during encryption and to target multiple operating systems at once. Monitoring is therefore necessary to limit the harm a ransomware attack can cause, to surface the threat on the cyber security radar, and to enable quick and effective containment.
