CIO News Hubb

New Rust-based Ransomware Family Targets Windows, Linux, and ESXi Systems — The Hacker News

by admin
July 20, 2022
in Information Security


Kaspersky security researchers have disclosed details of a brand-new ransomware family written in Rust, making it the third strain after BlackCat and Hive to use the programming language.

Luna, as it’s called, is “fairly simple” and can run on Windows, Linux, and ESXi systems, with the malware banking on a combination of Curve25519 and AES for encryption.


“Both the Linux and ESXi samples are compiled using the same source code with some minor changes from the Windows version,” the Russian firm noted in a report published today.

Advertisements for Luna on darknet forums suggest that the ransomware is intended for use only by Russian-speaking affiliates. Its core developers are also believed to be of Russian origin owing to spelling mistakes in the ransom note hard-coded within the binary.

“Luna confirms the trend for cross-platform ransomware,” the researchers stated, adding that the platform-agnostic nature of languages like Golang and Rust is giving the operators the ability to target and attack at scale and evade static analysis.

That said, there is very little information on the victimology patterns given that Luna is a freshly discovered criminal group and its activity is still being actively monitored.

Luna is far from the only ransomware to set its eyes on ESXi systems, what with another nascent ransomware family known as Black Basta undergoing an update last month to include a Linux variant.


Black Basta is also notable for starting up a Windows system in safe mode before encryption to take advantage of the fact that third-party endpoint detection solutions may not start after booting the operating system in safe mode. This enables the ransomware to go undetected and easily lock the desired files.
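A defender-side triage for the safe-mode technique described above, as an added example that is not from the original article or the researchers' reports. It assumes safe mode is configured through the standard Windows `bcdedit` `safeboot` boot option and the `SafeBoot` registry key; the event schema, host names and sample events are constructed for illustration.

```python
import re
from collections import defaultdict

# bcdedit's "safeboot" boot option makes the next boot a safe-mode boot.
SAFEBOOT_SET = re.compile(r"\bbcdedit(?:\.exe)?\b.*/set\b.*\bsafeboot\b", re.I)
# Subkeys under SafeBoot\Minimal or \Network list what may start in safe mode.
SAFEBOOT_KEY = re.compile(r"\\Control\\SafeBoot\\(?:Minimal|Network)\\[^\\]+$", re.I)
REBOOT = re.compile(r"\bshutdown(?:\.exe)?\b.*\s/r\b", re.I)

# Constructed sample events in a hypothetical, simplified schema:
# kind is "process" (data = command line) or "registry" (data = key written).
SAMPLE_EVENTS = [
    {"host": "ws01", "kind": "process", "data": "bcdedit /enum"},
    {"host": "ws02", "kind": "process",
     "data": "bcdedit.exe /set {default} safeboot network"},
    {"host": "ws02", "kind": "registry",
     "data": "HKLM\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\Network\\ExampleSvc"},
    {"host": "ws02", "kind": "process", "data": "shutdown.exe /r /t 0"},
    # Removing the option returns the host to a normal boot: not flagged.
    {"host": "ws03", "kind": "process",
     "data": "bcdedit /deletevalue {default} safeboot"},
    {"host": "ws04", "kind": "registry",
     "data": "HKLM\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\Minimal\\ExampleSvc"},
]

def triage(events):
    """Return {host: (severity, sorted signals)} for safe-mode boot tampering."""
    signals = defaultdict(set)
    for ev in events:
        host, data = ev["host"], ev["data"]
        if ev["kind"] == "process":
            if SAFEBOOT_SET.search(data):
                signals[host].add("safeboot_set")
            elif REBOOT.search(data):
                signals[host].add("reboot")
        elif ev["kind"] == "registry" and SAFEBOOT_KEY.search(data):
            signals[host].add("safeboot_service")
    findings = {}
    for host, seen in signals.items():
        if "safeboot_set" in seen and seen & {"safeboot_service", "reboot"}:
            findings[host] = ("high", sorted(seen))    # safe boot plus follow-up
        elif seen & {"safeboot_set", "safeboot_service"}:
            findings[host] = ("medium", sorted(seen))  # single indicator
        # A reboot on its own is routine and is not reported.
    return findings

if __name__ == "__main__":
    for host, (severity, seen) in sorted(triage(SAMPLE_EVENTS).items()):
        print(host, severity, ", ".join(seen))
```

The triage ignores event ordering and time windows; a production rule would require the signals to occur close together on the same host.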

“Ransomware remains a big problem for today’s society,” the researchers said. “As soon as some families come off the stage, others take their place.”

LockBit, however, remains one of the most active ransomware gangs of 2022, often relying on RDP access to enterprise networks to disable backup services and create a Group Policy to terminate running processes and execute the ransomware payload.

“LockBit’s success is also due to its developers’ and affiliates’ continued evolution of features and tactics, which include the malware’s fast encryption speed, ability to target both Windows and Linux machines, its brash recruitment drives, and high-profile targets,” the Symantec Threat Hunter Team, part of Broadcom Software, said in a report.




