New Luna ransomware encrypts Windows, Linux, and ESXi systems

Gandalf_The_Grey

A new ransomware family dubbed Luna can be used to encrypt devices running several operating systems, including Windows, Linux, and ESXi systems.

Discovered by Kaspersky security researchers via a dark web ransomware forum ad spotted by the company's Darknet Threat Intelligence active monitoring system, Luna ransomware appears to be specifically tailored to be used only by Russian-speaking threat actors.

"The advertisement states that Luna only works with Russian-speaking affiliates. Also, the ransom note hardcoded inside the binary contains spelling mistakes. For example, it says 'a little team' instead of 'a small team'," Kaspersky said.

"Because of this, we assume with medium confidence that the actors behind Luna are speakers of Russian."

Luna (Russian for moon) is very simple ransomware still under development and with limited capabilities based on the available command line options.

However, it uses a not-so-common encryption scheme, combining fast and secure X25519 elliptic curve Diffie-Hellman key exchange using Curve25519 with the Advanced Encryption Standard (AES) symmetric encryption algorithm.
 
