[MART] - Daily Diary #556 - Meet Luna, Another Cross-Platform Ransomware

[CTAS-MAT]

Hello,

I hope everyone is doing well!

Below is the entry for today.

07/20/2022 - Diary entry #556:

In June this year, a new Ransomware family was discovered. Advertised on a dark web ransomware forum, “Luna” is a cross-platform Ransomware strain — still under development —  written in Rust language.

Luna targets Windows and Linux OSs, as well as ESXi Virtual Machines images like many other ransomware families covered by our Daily Diaries (Cheers Ransomware, LockBit, BlackBasta, AvosLocker, BlackMatter, etc). To encrypt files, Luna uses a not-so-common combination of ECC x25519 (an Elliptic Curve Cryptography algorithm) and AES.

The group behind Luna claimed to cooperate only with Russian-speaking affiliates, not allowing targeting Post-Soviet countries. Additionally, Luna’s ransom note is written in English (containing spelling mistakes) and there is no data regarding any victim of Luna Ransomware yet.

This new strain confirms the trend of Ransomware groups focusing on cross-platform threats and using alternative cryptography combinations or custom-implemented algorithms for difficult analysis and detection.

Kind Regards,

[https://d3aafpijpsak2t.cloudfront.net/images/Signature/logo@2x.png]<https://www.appgate.com/>

[https://d3aafpijpsak2t.cloudfront.net/images/Signature/likedin@2x.png]<https://www.linkedin.com/company/appgate-security/>     [https://d3aafpijpsak2t.cloudfront.net/images/Signature/twitter@2x.png] <https://twitter.com/AppgateSecurity>   [https://d3aafpijpsak2t.cloudfront.net/images/Signature/youtube@2x.png] <https://www.youtube.com/channel/UC-8GvxcZbm-R3EJNl8jYjiQ>



Felipe Tarijon de Almeida
Malware Analyst
Appgate

E: felipe.tarijon at appgate.com<mailto:felipe.tarijon at appgate.com>


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.immunityinc.com/pipermail/mart/attachments/20220720/5fe8bdf3/attachment.htm>