A new ransomware family dubbed Luna can be used to encrypt devices running several operating systems, including Windows, Linux, and ESXi systems.
Discovered by Kaspersky security researchers via a dark web ransomware forum ad spotted by the company's Darknet Threat Intelligence active monitoring system, Luna ransomware appears to be specifically tailored to be used only by Russian-speaking threat actors.
"The advertisement states that Luna only works with Russian-speaking affiliates. Also, the ransom note hardcoded inside the binary contains spelling mistakes. For example, it says 'a little team' instead of 'a small team'," Kaspersky said.
[...] The group behind this new ransomware developed this new strain in Rust and took advantage of its platform-agnostic nature to port it to multiple platforms with very few changes to the source code.
Using a cross-platform language also enables Luna ransomware to evade automated static code analysis attempts.
"Both the Linux and ESXi samples are compiled using the same source code with some minor changes from the Windows version. The rest of the code has no significant changes from the Windows version," the researchers added.
Luna further confirms the latest trend adopted by cybercrime gangs developing cross-platform ransomware that use languages like Rust and Golang to create malware capable of targeting multiple operating systems with little to no changes.
(Score: 3, Funny) by c0lo on Friday July 22 2022, @05:04AM (5 children)
A good thing they didn't develop it in Java or PHP, can you imagine how insecure the ransomware would have been?
https://www.youtube.com/watch?v=aoFiw2jMy-0
(Score: 0) by Anonymous Coward on Friday July 22 2022, @08:10AM (2 children)
Really, Java and PHP in the same bucket now? LOL!
(Score: 4, Interesting) by c0lo on Friday July 22 2022, @08:55AM (1 child)
After C (which doesn't cross-run), Java and PHP programs show the most vulnerabilities [medium.com]
https://www.youtube.com/watch?v=aoFiw2jMy-0
(Score: 3, Insightful) by Freeman on Friday July 22 2022, @03:13PM
That webpage hurt the eyes. Also, I wouldn't count that as an authoritative source for anything. Wikipedia is probably more authoritative than that.
Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
(Score: 2) by DannyB on Friday July 22 2022, @06:45PM (1 child)
Java and PHP are very different.
With Java, how would you get your ransomware to target systems with enough memory to actually run them?
How often should I have my memory checked? I used to know but...
(Score: 3, Funny) by c0lo on Saturday July 23 2022, @12:32AM
You deliver some extra RAM to the owners and kindly ask them to upgrade before. One-off investment, ya know?
https://www.youtube.com/watch?v=aoFiw2jMy-0
(Score: 3, Interesting) by Frosty Piss on Friday July 22 2022, @05:35AM
So the Kaspersky folks are done using it and have moved on to something better?
(Score: -1, Troll) by Anonymous Coward on Friday July 22 2022, @08:40AM
When you say malware, I say where are the samples, gimme one?
Hard to say how good/bad craftsmanship is without that...
( ... must resist dunking on their choice of languages, cos it doesn't matter in this scenario.
Could have written it in PHP or Java or ECMAScript, wouldn't make the slightest difference. )
"mimicking Windows Services for persistence reasons" and using a distinct binary (as opposed to carefully writing over some existing executable in RAM) are signs of lower than average sophistication, but it's ransomware... quality is irrelevant here, and I suppose to these.. for-profit-wankers.. dumb/simple tricks like that are expensive and eat into margin.
What a waste of effort.
(Score: 1, Redundant) by iWantToKeepAnon on Saturday July 23 2022, @12:31AM
Did this guy have a word minimum to meet?
"Happy families are all alike; every unhappy family is unhappy in its own way." -- Anna Karenina by Leo Tolstoy