Cybercrime, Luna is a new ransomware offered only to Russian affiliates
Kaspersky cybersecurity experts: The malware, written in Rust, encrypts files on Windows, Linux and ESXi. It uses an X25519-AES combination as its encryption scheme.
Luna is a new cross-platform ransomware offered only to Russian-speaking affiliates. It was detected by Kaspersky cybersecurity experts. The malware can encrypt files on Windows, Linux and ESXi. It uses an atypical encryption scheme, a combination of X25519 and AES, and was developed by cybercrime actors in Rust. Both the Linux and ESXi samples are compiled from the same source code, with some minor changes from the Windows version. Luna confirms the trend toward cross-platform ransomware: current ransomware gangs rely heavily on languages like Golang and Rust. Notable examples include BlackCat and Hive. Because these languages are platform-agnostic, ransomware written in them can be easily ported from one platform to another, so attacks can target different operating systems at once. In addition, cross-platform languages help evade static analysis.