PureLocker has been spotted being used in targeted attacks against Windows and Linux-based production servers at enterprises. Researchers said it shows unusual characteristics that underscore the innovation that malware developers are putting into their wares. The malware attempts to evade user-mode API hooking of NTDLL functions by manually loading another copy of ntdll and resolving API addresses manually from there. PureBasic code is portable between Windows, Linux and OS-X, making targeting different platforms easier.
Source: https://threatpost.com/purelocker-ransomware-targeted-attacks/150229/