ALVARO'S CYBER SECURITY COLUMN - RUSSIAN RANSOMWARE
Written on 25/07/2022


Kaspersky security researchers have disclosed details of a brand-new ransomware family. Written in Rust, and called Luna, it is "fairly simple". Advertisements for Luna on darknet forums suggest that the ransomware is intended for use only by Russian-speaking affiliates. Its core developers are also believed to be of Russian origin owing to spelling mistakes in the ransom note hard-coded within the binary.

"Both the Linux and ESXi samples are compiled using the same source code with some minor changes from the Windows version," the Russian firm noted in a report published today. Luna is a freshly discovered criminal group and its activity is still being actively monitored.

"Ransomware remains a big problem for today's society," the researchers said. "As soon as some families come off the stage, others take their place." For instance, Black Basta is also notable for booting a Windows system into safe mode before encryption, taking advantage of the fact that third-party endpoint detection solutions may not start when the operating system is booted in safe mode. This enables the ransomware to go undetected and easily lock the desired files. Get your cyber audit booked today!

Alvaro Gonzalez, Cyber security expert for BAT
