{"id":19860,"date":"2022-07-20T13:41:08","date_gmt":"2022-07-20T09:41:08","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/luna-blackbasta-ransomware\/19860\/"},"modified":"2022-07-20T13:41:08","modified_gmt":"2022-07-20T09:41:08","slug":"luna-blackbasta-ransomware","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/luna-blackbasta-ransomware\/19860\/","title":{"rendered":"New ransomware: a cross-platform future"},"content":{"rendered":"<p>Ransomware groups are of late increasingly targeting not only Windows computers, but Linux devices and ESXi virtual machines. We\u2019ve already spotlighted the <a href=\"https:\/\/www.kaspersky.com\/blog\/black-cat-ransomware\/44120\/\" target=\"_blank\" rel=\"noopener nofollow\">BlackCat<\/a> gang, which distributes malware written in the cross-platform language Rust and is capable of encrypting such systems. Our experts analyzed two more malware families that recently appeared on the dark web with similar functionality: <a href=\"https:\/\/securelist.com\/luna-black-basta-ransomware\/106950\/\" target=\"_blank\" rel=\"noopener\">Black Basta and Luna<\/a>.<\/p>\n<h2>Black Basta \u2014 ransomware for ESXi<\/h2>\n<p>Black Basta was first discovered in February. It exists in two versions: for Windows and for Linux, with the latter primarily targeting ESXi virtual machine images. A standout feature of the Windows version is that it boots the system in safe mode before encrypting. This allows the malware to evade detection by security solutions, many of which don\u2019t work in safe mode.<\/p>\n<p>At the time of posting, Black Basta operators had released information on 40 victims, among them manufacturing and electronics firms, contractors, and others. According to Kaspersky, their targets are located in the U.S., Australia, Europe, Asia, and Latin America.<\/p>\n<h2>Luna \u2014 more Rust-based ransomware<\/h2>\n<p>Our researchers discovered the Luna malware in June. Also written in Rust, it\u2019s capable of encrypting both Windows and Linux devices, as well as ESXi virtual machine images. In an ad on the <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/dark-web\/\" target=\"_blank\" rel=\"noopener\">dark web<\/a>, the cybercriminals claim to cooperate only with Russian-speaking partners. This means that the targets of interest to the attackers most likely are outside the former Soviet Union. This is also evidenced by the fact that the ransom note embedded into the code of the ransomware is written in English, albeit with mistakes.<\/p>\n<h2>How to protect yourself from ransomware<\/h2>\n<p>Ransomware remains a serious threat to business. New players continue to appear on the market and quickly pick up on the most disruptive trends. To stay safe, you need to always be tuned in to the threat landscape and build your protection strategy based on it.<\/p>\n<p>And remember that all internet-facing corporate devices must be equipped with <a href=\"https:\/\/me-en.kaspersky.com\/small-to-medium-business-security?icid=me-en_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______\" target=\"_blank\" rel=\"noopener\">security solutions<\/a>, including servers running Linux \u2014 attacks on them have become more frequent recently.<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"kesb-trial\">\n","protected":false},"excerpt":{"rendered":"<p>The new Luna and Black Basta ransomware strains are capable of attacking Windows, Linux and VMware ESXi.<\/p>\n","protected":false},"author":2477,"featured_media":19861,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1318,1916,1917,1486],"tags":[533,433,113],"class_list":{"0":"post-19860","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-enterprise","9":"category-smb","10":"category-threats","11":"tag-linux","12":"tag-ransomware","13":"tag-windows"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/luna-blackbasta-ransomware\/19860\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/luna-blackbasta-ransomware\/24394\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/luna-blackbasta-ransomware\/10036\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/luna-blackbasta-ransomware\/26784\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/luna-blackbasta-ransomware\/24693\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/luna-blackbasta-ransomware\/25085\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/luna-blackbasta-ransomware\/27434\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/luna-blackbasta-ransomware\/27103\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/luna-blackbasta-ransomware\/33569\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/luna-blackbasta-ransomware\/10868\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/luna-blackbasta-ransomware\/44900\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/luna-blackbasta-ransomware\/19204\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/luna-blackbasta-ransomware\/19765\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/luna-blackbasta-ransomware\/29060\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/luna-blackbasta-ransomware\/28374\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/luna-blackbasta-ransomware\/25287\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/luna-blackbasta-ransomware\/30759\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/luna-blackbasta-ransomware\/30506\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/ransomware\/","name":"ransomware"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/19860","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2477"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=19860"}],"version-history":[{"count":0,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/19860\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/19861"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=19860"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=19860"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=19860"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}