Fwd: New Rust-based Ransomware Family Targets Windows, Linux, and ESXi Systems — The Hacker News

4 views
Skip to first unread message

Robert Lewis

unread,
Jul 20, 2022, 5:28:22 PMJul 20
to Felton Lug
      Anyone have experience with this or wish to comment?
    
                            This may be old news but I thought I’d take a chance.

                                     Neal
https://thehackernews.com/2022/07/new-rust-based-ransomware-family.html


Rick Moen

unread,
Jul 21, 2022, 2:42:06 AMJul 21
to Felton Lug
Quoting Robert Lewis (bob.l...@gmail.com):

> Anyone have experience with this or wish to comment?
> This may be old news but I thought I’d take a chance.
> https://thehackernews.com/2022/07/new-rust-based-ransomware-family.html

First thing to note, "ransomware", like rootkits, by definition cannot
target anything. Ransomware is a nasty trick to extort money that gets
pulled on victims after their systems have been security compromised,
involving rewriting the victim's files using strong crypto.

Articles like the one you cited talk about the encryption and
demanding-money software as if it were a security problem. It is not.
It is the _aftermath_ of a security problem.

I'll try to invent a real-world analogy, though I'm sure it will end up
sounding farfetched, as imagining a parallel situation is easy, but
imagining one that sounds credible is a bit harder. Imagine that you go
on vacation for six months, leaving a lot of irreplaceable belongings in
your suddenly occupant-less house. Regrettably, you not only leave the
front door unlocked, but also open.

Six months later, you come home to find a typed note on your door.
"Dear Mr. Lewis: You will now find a huge, 10' x 10' x 10' safe
in the middle of your living room. Inside, I have stashed all of your
most valuable belongings, that (I think you'll agree) I have estimated
to have a value of $20,000. The safe is of course locked, and it is a
high-end safe that even expert safecrackers cannot pick. Moreover,
the inside of the safe is rigged with an incendiary device that will go
off, and burn everything (and perhaps your house) to a cinder if you
attempt to either drill/cut into or remove the safe. Your _only_ way to
get your belongings back safely (no pun intended) is to send $1000 in
bitcoin to [blah blah]"

That's basically ransomware. The safe and the (alleged) incendiary
device are not the means of entry into your house, or the way the thief
was able to collect your belongings and stuff them into the safe.

Claiming that yet another flavour of ransomeware is "news" is like
claiming that a different brand of safe is news.

Anyway, OK, the Kaspersky guys noticed this one, Luna, is written in
Rust. Fine, and...? Rust is an excellent, modern, general-purpose
programming language.

Kapersky's press release, which was doubtless copied/pasted for this
article, says Luna's coders used Curve25519 for Diffie-Hellman key
agreement/transmission and AES for encryption. That's very modern of
them.

Everything else in the article's kind of blah, in my personal opinion
(just not very interesting).

What _would_ be interesting would be information about by what means the
(theoretical) security-compromised Linux machines were entered and
root-compromised. But there's, as usual, zero about that.

Reply all
Reply to author
Forward
0 new messages