Rust-based ransomware targets Windows, Linux, and ESXi systems

Kaspersky security researchers have discovered a new family of ransomware, dubbed Luna, written in the Rust programming language.

Ransomware locks users out of their files by encrypting them, after which the attackers extort money from the victims in exchange for the decryption keys.

The Luna malware runs on Windows, Linux, and VMware ESXi systems.

“Both the Linux and ESXi samples are compiled using the same source code with some minor changes from the Windows version,” Kaspersky said.

The researchers were alerted to Luna via an advertisement on a darknet ransomware forum.

The team said that although Luna is relatively simple, it uses an atypical encryption scheme.

“[The encryption scheme Luna uses] involves x25519 and AES, a combination not often encountered in ransomware schemes,” Kaspersky said.

Due to spelling errors and the advertisement stating that Luna only works with Russian-speaking affiliates, the researchers “assume with medium confidence” that the threat actors responsible for Luna’s creation speak Russian.

“Luna confirms the trend for cross-platform ransomware: current ransomware gangs rely heavily on languages like Golang and Rust,” Kaspersky said.

Since Luna has only recently been discovered, Kaspersky has very little data on its targets.

Kaspersky said it discovered another ransomware called Black Basta targeting ESXi systems in February 2022.

The researchers said there is a growing trend of ransomware creators targeting ESXi systems.

They said Luna and Black Basta aim to cause as much damage as possible, and that they expect new variants to support encryption of virtual machines by default.
