![]() ![]() In June 2021, someone uploaded its builder to a cybercriminal forum. The Babuk Locker operation has been through several plots since its takeoff. According to some reports, the ransom may reach $85,000 worth of bitcoins. Contrary to most counterparts that include a victim-specific countdown timer and extensive support options, Babuk Locker uses a rudimentary-looking chat feature to communicate with victims. ![]() The ransom note also tells the user to open their personal payment page via the Tor Browser. To prove that the crooks aren’t bluffing and have a decoding tool, they offer test recovery of up to five files less than 10MB in size. ![]() It says the computers and servers have been encrypted, and backups are no longer there. Once a victim organization realizes its proprietary data is skewed via a mix of encryption and a weird string appended to each record, the above-mentioned ransom file plays its part. This “steal and leak” tactic is the bitter reality in today’s ransomware underground, and Babuk Locker is no exception. It is also a powerful element of pressure. The fact that the criminals have a copy of important files, including customer and employee records as well as strategic business information, gives the malefactors additional leverage when negotiating the ransom amount. This stage usually precedes the encoding process. Yet another nasty facet of Babuk Locker is that it extracts data out of the organization’s servers. For instance, they tend to set the order of mutilating files stored locally and those residing on network shares. Since the attack is operated manually, the malicious actors use a command-line utility to remotely execute arguments that specify the flow of encryption across the network. Next comes the cipher phase, whereby the predatory code applies its asymmetric crypto logic to prevent users from accessing their files. These include web browsers, database servers, mail servers and clients, as well as backup applications. Having made it inside, Babuk Locker stops a series of processes that may hamper unauthorized encryption by keeping data open. To get rid of the threat, you need to purchase the full version of the anti-malware tool:Įxtortion logic and lateral movement inside a network Free scan determines if your system is infected. Scan your PC with Combo Cleaner for Windows to detect all files related to Babuk Locker ransomware. Targeted attacks through RDP hacking, phishing, and software vulnerability exploitationĭata loss and leak in case of non-payment Threat details:Įncrypts an organization’s data, demands ransom in bitcoins for the decryption key (the amount depends on network size) In some scenarios, a targeted phishing email sets the incursion in motion. To understand how exactly to sting an organization, they conduct initial reconnaissance and probe the network for RDP deployment blunders, VPN misconfigurations, and vulnerabilities in software used. The crooks infiltrate networks through “classic” breach techniques, with the choice of the vector depending on the weak links in a specific victim’s digital infrastructure. One of them was the Washington DC Metropolitan Police Department (compromised last April). ‘How To Restore Your Files.txt’ ransom note by Babuk LockerĪlthough the code of this pest’s original version was unsophisticated, its cryptography implementation combined with clever attack methods allowed the operators of this ransomware to quickly build a portfolio of high-profile victims. Another prominent indicator of compromise (IOC) is the *._NIST_K571_ or *.babyk extension concatenated to no-longer-accessible files. As part of the raid, the program creates ransom notes named How To Restore Your Files.txt within every affected folder, which explains what happened and instructs the company to visit a Tor payment page to discuss the recovery options. After gaining a foothold in a host environment, it uses a stream cipher called ChaCha8 to scramble the victim’s valuable data while employing the Elliptic-curve Diffie-Hellman (ECDH) protocol to generate the public-private key pair. Having surfaced in January 2021, Babuk Locker is a simple yet competently designed and effective ransomware strain that zeroes in on corporate networks.
0 Comments
Leave a Reply. |