The ransomware is fairly simple, according to Kaspersky, whose researchers analyzed the malware, but it uses an encryption scheme that’s not typically used by ransomware — a combination of X25519 and AES.
Luna is developed in Rust, which makes it easy to port to different platforms, and can also help evade static analysis.
“Both the Linux and ESXi samples are compiled using the same source code with some minor changes from the Windows version. For example, if the Linux samples are executed without command line arguments, they will not run. Instead, they will display available arguments that can be used. The rest of the code has no significant changes from the Windows version,” Kaspersky researchers explained in a blog post.