We were just a few days into the new year. We had hoped that this year would definitely be our year. We had hoped that the pandemic would be miraculously over once the clock struck 12 on January 1. Cut to reality. The joke's on us. The year greeted us with the latest ransomware variant, named Babuk Locker.
The ransomware group mainly focuses on enterprise networks instead of individuals, and their ransom demands range from $60,000 to $85,000. Babuk Locker has already intruded on five corporate networks and one of them has agreed to pay the highest ransom amount.
- The ransomware is not a sophisticated piece of work and brings no new technology, and thus can be termed "mediocre." However, it is not entirely harmless.
- The malware shares common traits with Sodinokibi and Ryuk, the very traits that made those strains successful in the cybercrime department.
- Nevertheless, it does employ some new tactics, such as multi-threading encryption and exploiting Windows Restart Manager.
- Apart from this, Babuk has a strong encryption mechanism that uses the Elliptic-curve Diffie-Hellman algorithm.
Are there any similar threats?
- Similar to Babuk Locker, Conti, LockBit, and DeathRansom prevent users from recovering their information using shadow volume copies from VSS.
- REvil and Conti have been observed to employ Windows Restart Manager to kill services that use files.
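As an added example (not from the article or from any of the ransomware families named): a small Python detection check that flags the shadow-copy removal behaviour noted above in constructed process-creation events. The command-line patterns are general ransomware tradecraft, not commands the article quotes, and the sample events are made up.

```python
import re

# Common ways ransomware removes or disables VSS shadow copies.
# These patterns are general ransomware tradecraft, not quoted from the article.
SHADOW_DELETE_PATTERNS = [
    re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I),
    re.compile(r"vssadmin(\.exe)?\s+resize\s+shadowstorage", re.I),
    re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    re.compile(r"win32_shadowcopy.*\.delete\(\)", re.I),
    re.compile(r"bcdedit(\.exe)?\s+.*recoveryenabled\s+no", re.I),
]


def is_shadow_copy_tampering(cmdline: str) -> bool:
    """Return True if a process command line matches a shadow-copy removal pattern."""
    return any(p.search(cmdline) for p in SHADOW_DELETE_PATTERNS)


def scan_process_events(events):
    """events: iterable of dicts with 'host', 'parent' and 'cmdline'
    (Sysmon-style process-creation fields). Returns the events that look
    like shadow-copy tampering so they can be alerted on."""
    return [e for e in events if is_shadow_copy_tampering(e.get("cmdline", ""))]


# Constructed sample process-creation events (not real telemetry).
SAMPLE_EVENTS = [
    {"host": "ws01", "parent": "explorer.exe", "cmdline": "notepad.exe C:\\notes.txt"},
    {"host": "fs02", "parent": "unknown.exe", "cmdline": "vssadmin.exe Delete Shadows /All /Quiet"},
    {"host": "fs02", "parent": "unknown.exe", "cmdline": "wmic.exe shadowcopy delete"},
    {"host": "ws03", "parent": "cmd.exe", "cmdline": "vssadmin list shadows"},  # benign enumeration
    {"host": "fs02", "parent": "powershell.exe",
     "cmdline": "powershell -c Get-WmiObject Win32_Shadowcopy | ForEach-Object {$_.Delete()}"},
]

if __name__ == "__main__":
    for hit in scan_process_events(SAMPLE_EVENTS):
        print(f"ALERT host={hit['host']} parent={hit['parent']} cmd={hit['cmdline']}")
```

Listing shadow copies (`vssadmin list shadows`) is deliberately not flagged, so the check alerts on destruction of recovery points rather than on routine administration.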
The bottom line
Although there is not much special about the newest ransomware of the year, it is still potent and can cause monetary and operational damage. It is not as sophisticated as the other ransomware strains in the big leagues as of now, but governments and businesses are still recommended to proactively employ defenses against this threat.