New Ransomware: Luna & Black Basta Targets Windows, Linux and ESXi Systems


Ransomware gangs are not only targeting Windows but Linux devices and ESXi as well. According to a report by Kaspersky, ransomware groups are increasingly modifying their code to cross-platform programming languages such as Rust or Golang. They are focusing on six programming languages so that their malware can attack devices running different operating systems other than Windows.  

Ransomware has always been a disastrous threat to business. More breachers are appearing in the market and disturbing the systems. You need to be updated about all the facets of risks and must build a strategy to stay out of them. Focus on the protection strategy to be safe from these disturbing threats.  

Always remember that all devices connected to the internet should be equipped with a security solution. Servers running Linux are more susceptible to these threats as attacks on them have become more frequent these days.  

Luna and Black Basta Ransomware  

The report from Kaspersky researchers talks about the latest ransomware trends. The report says that writing malware in a cross-platform language makes it simpler to get access to other systems such as Linux, iOS and Android.  Analysis of these cross-platform binaries is a bit more difficult than malware written in basic C. The experts examined two more malware gangs that emerged on the dark web with identical functionality: Black Basta and Luna Malware gangs. 

Luna Malware was found by researchers in June. It’s able to encrypt both Windows, Linux machines, and ESXi virtual machines. In an advertisement on the Kaspersky dark web, the cybercriminals claim to work together only with Russian-speaking collaborators. This indicates that the targets of attackers are out of the former Soviet Union. Luna is presently working only with Russian-speaking associates, and the researchers speculate that the ransomware creators are also from Russia. 

Luna’s creators use languages like Rust and Golang to build malware for targeting numerous operating systems. Researchers also gave details about another ransomware system called Black Basta, which revised its malware to target ESXi operating systems.   

Black Basta was first observed in the month of February. It has two versions: Windows and Linux, mainly targeting ESXi virtual device images. The biggest trait of the Windows version is that it turns out the system in safe mode before encrypting. This enables the malware to evade detection by protection solutions, many of which don’t function in the safe mode. 

Always set up offline backups and Use ransomware protection for all endpoints. Give your team the latest threat information and regularly educate them with proficient training to develop a protection strategy that intruders cannot tamper with. Equip your systems with ransomware protection for all endpoints.