{"id":453436,"date":"2022-07-21T11:25:58","date_gmt":"2022-07-21T09:25:58","guid":{"rendered":"https:\/\/mybroadband.co.za\/news\/?p=453436"},"modified":"2022-07-21T11:27:08","modified_gmt":"2022-07-21T09:27:08","slug":"rust-based-ransomware-targets-windows-linux-and-esxi-systems","status":"publish","type":"post","link":"https:\/\/mybroadband.co.za\/news\/security\/453436-rust-based-ransomware-targets-windows-linux-and-esxi-systems.html","title":{"rendered":"Rust-based ransomware targets Windows, Linux, and ESXi systems"},"content":{"rendered":"<p>Kaspersky security researchers have <strong><a href=\"https:\/\/securelist.com\/luna-black-basta-ransomware\/106950\/\" target=\"_blank\" rel=\"noopener\">discovered<\/a><\/strong> a new family of ransomware, dubbed Luna, written in the Rust programming language.<\/p>\n<p>Ransomware locks users out of their files by encrypting them, after which the attackers will extort money from the victims to provide the decryption keys.<\/p>\n<p>The Luna malware runs on Windows, Linux, and VMWare ESXi systems.<\/p>\n<p>\u201cBoth the Linux and ESXi samples are compiled using the same source code with some minor changes from the Windows version,\u201d Kaspersky said.<\/p>\n<p>The researchers were alerted to Luna via an advertisement on a darknet ransomware forum.<\/p>\n<p>The team said that although Luna is relatively simple, it uses an atypical encryption scheme.<\/p>\n<p>\u201c[The encryption scheme Luna uses] involves x25519 and AES, a combination not often encountered in ransomware schemes,\u201d Kaspersky said.<\/p>\n<p>Due to spelling errors and the advertisement stating that Luna only works with Russian-speaking affiliates, the researchers \u201cassume with medium confidence\u201d that the threat actors responsible for Luna\u2019s creation speak Russian.<\/p>\n<p>\u201cLuna confirms the trend for cross-platform ransomware: current ransomware gangs rely heavily on languages like Golang and Rust,\u201d Kaspersky said.<\/p>\n<p>Since Luna has only recently been discovered, Kaspersky has very little data on its targets.<\/p>\n<p>Kaspersky said it discovered another ransomware called Black Basta targeting ESXi systems in February 2022.<\/p>\n<p>The researchers said there is a growing trend of ransomware creators targeting ESXi systems.<\/p>\n<p>They said Luna and Black Basta aim to cause as much damage as possible, and that they expect new variants to support encryption of virtual machines by default.<\/p>\n<hr \/>\n<h3 class=\"my-4\">Now read: <a href=\"https:\/\/mybroadband.co.za\/news\/cloud-hosting\/449184-ransomware-attackers-can-exploit-onedrive-feature-to-delete-backups.html\">Ransomware attackers can exploit OneDrive feature to delete backups<\/a><\/h3>\n","protected":false},"excerpt":{"rendered":"<p>Kaspersky security researchers have discovered a brand-new family of ransomware that targets Windows, Linux, and VMWare ESXi systems.<\/p>\n","protected":false},"author":23,"featured_media":413366,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27],"tags":[80006,1595,1799,78350,30150,80004,807],"class_list":["post-453436","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-black-basta","tag-kaspersky","tag-linux","tag-luna","tag-ransomware","tag-vmware-esxi","tag-windows"],"_links":{"self":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/453436"}],"collection":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/users\/23"}],"replies":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/comments?post=453436"}],"version-history":[{"count":1,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/453436\/revisions"}],"predecessor-version":[{"id":453454,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/453436\/revisions\/453454"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media\/413366"}],"wp:attachment":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media?parent=453436"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/categories?post=453436"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/tags?post=453436"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}