Windows, Linux, and ESXi Users Beware: New Threats Coming From Luna and Black Basta Ransomware

A recent article on SecureList spotlighted two relatively new ransomware strains specifically targeting Windows, Linux, and ESXi systems. Luna was brought to light by Kaspersky’s Darknet Threat Intelligence monitoring system, which discovered a new ad on a darknet ransomware forum. The malware is written in Rust and, according to SecureList, is pretty simple but uses an atypical encryption approach for ransomware schemes.

The article suggests that Russian actors may be behind this new threat, with the darknet ad stating that Luna only works with Russian-speaking affiliates. Luna also substantiates that the trend for cross-platform ransomware is real, with today’s ransomware cybercriminals relying heavily on languages like Golang and Rust. Rust was also used to write BlackCat ransomware, available to hackers as ransomware as a service.

SecureList explains that Black Basta, first noted in February of this year, has matured with new functionality, including starting up the system in safe mode before encryption and mimicking Windows Services to enable persistence. Attacks have been reported worldwide.

We’ll update this post as more information becomes available.

To learn how you can be confident you can recover from any ransomware attack, talk to an expert Arcserve technology partner. Check out our on-demand demos to learn more about Arcserve ransomware protection solutions.