Skip to content
background verde
// September 5, 2022
New Luna ransomware and how a Bug Bounty Program can help you

Luna is one of the most powerful ransomware in the world. Find out how a Bug Bounty Program protects organizations from it thanks to the intelligence and the actions of hundreds of cybersecurity professionals researchers.

Even though businesses worldwide have been preparing for the next outbreak of ransomware, they are still not safe from cyber-attacks. New variants of malicious software continue to appear regularly, infecting computers and locking access to their data. 

The most recent ransomware, Luna, which takes the name from the group which created it, targets users who work with Windows or Linux operating systems and those who use ESXi virtual machines.

Luna is a potent and dangerous new strain of malicious software that can encrypt data on infected machines and demands payment to decrypt it. 

Luna ransomware uses a combination of RSA and AES ciphers to encrypt data and appends the extension “.luna” to the names of encrypted files.

The latest version of the ransomware employs many obfuscation techniques to stay undetected. Luna is written in Rust and is capable of infecting a wide range of systems. 

This particular strain is notable for using a wide range of anti-VM and anti-sandbox techniques since it employs process hollowing, memory injection, and fileless infection techniques to stay under the radar.

Luna is not the first ransomware written in Rust. This programming language has been used even by Black Cat and Hive gangs because it makes it easy to port malware from one operating system to another.

According to the Kaspersky survey, Luna confirms another 2022 ransomware trend targeting ESXi, Windows, and Linux systems.

Furthermore, since many companies have switched to ESXi-based virtual machines, attackers can encrypt victims’ data more quickly. 

Jornt van der Wiel, Kaspersky Security Expert, said: “The trends we outlined earlier this year seem to be gaining steam. We see more and more gangs using cross-platform languages for writing their ransomware. This enables them to deploy their malware on a variety of operating systems. The increased attacks on ESXi virtual machines is alarming, and we expect more and more ransomware families to deploy the same strategy”.

How can a Bug Bounty Program help your company to be protected against Luna Ransomware?

A Bug Bounty Program can help you fight ransomware because it allows you to invite researchers from outside your company to explore your website, mobile app, or any other digital property. 

The researchers, Ethical Hackers, try to find security vulnerabilities that could lead to the installation of malware. As a result, the researchers receive recognition for their work while you get cheaper fixes than hiring outside consultants and investing in an expensive consultant firm.

When someone reports a bug in your system, you must determine whether their report is valid. Then, you have to decide if that particular bug is worth fixing. 

Unfortunately, many businesses don’t have the time or the skills to manage the reports, and the bugs are not fixed. Companies need a third party to manage their Bug Bounty Program

A well-managed Bug Bounty Program can help prioritize the actions in place, limiting the consequences of cyberattacks. Ransomware can take advantage of the vulnerabilities and lead to loss of business, money, and data, disrupting day-to-day operations.

Every application uses third-party code, but not all third-party code is benign. Cybercriminals compromise code that is available online to inject malicious code into your applications. It can be challenging to spot unsanctioned code because it blends in with the rest of your application

A Bug Bounty Program can help protect you by verifying your app’s source code and finding any part you should remove before it has a chance to do any harm. This way, a Bug Bounty Program can also help protect you against ransomware delivered via third-party apps.

Ransomware can even affect your data that’s stored in the Cloud. If your organization has a cloud-based storage system, you likely have backups of your data. 

However, if the backups are stored on the same Cloud system as your original data, you could risk them being encrypted by ransomware. A Bug Bounty Program can help protect you from ransomware in the cloud by checking for signs of suspicious activity

Ethical Hackers can use tracking tools to monitor all incoming and outgoing traffic. This helps ensure that any strange activity is detected and reported. You can then investigate the unusual activity and take the appropriate action, including removing any suspicious code.

Ransomware is a threat to any organization. Fortunately, a Bug Bounty Program can help you combat these threats and protect your business from the damaging effects of ransomware.

Do you want to try the first 100% European Bug Security Bounty Program? Let’s start with