A new ransomware family has been discovered and is regarded as the first of the year to target victims across the globe. According to researchers, the family, called Babuk Locker, uses multithreaded encryption and abuses the Windows Restart Manager. After encryption it demands a ransom of between $60,000 and $85,000 in Bitcoin.
Babuk Locker follows the double-extortion model used by many ransomware families. To date, Babuk Locker has accounted for 5 victims around the world, including an office furniture firm, a car parts manufacturer, a medical testing products manufacturer, an elevator/escalator company, and a U.S.-based air conditioning company. Every Babuk Locker executable is customized per victim, with a hardcoded file extension, Tor victim URL, and ransom note. The encryption appears to be secure even though the code looks amateurish.
- A command-line argument controls whether the ransomware encrypts network shares, and whether it encrypts them before the local file system, when it is executed.
- At launch, the ransomware terminates multiple Windows services, along with any processes that might prevent encryption. The terminated services include email clients, database servers, backup software, mail servers, and web browsers.
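The service-termination behaviour described above leaves a visible trace on the host: the Service Control Manager logs a state-change event (Event ID 7036) each time a service stops. The following detection logic is an added example, not code from eScan or from the Babuk research; it assumes the System log has been flattened into a simple "timestamp|event_id|message" text form, and the service names in the sample are constructed placeholders rather than real product services. It flags any 60-second window in which several services from the backup, database and mail categories stop together, which is the pattern a pre-encryption kill sequence produces and which routine administration rarely does.

```python
import re
from datetime import datetime, timedelta

# Lower-case substrings that map a service name to one of the categories the
# post lists as terminated before encryption. Assumption: a real deployment
# would extend this with the exact service names of its own products.
SENSITIVE_KEYWORDS = {
    "backup": "backup software",
    "sql": "database server",
    "database": "database server",
    "mail": "mail server",
}

WINDOW = timedelta(seconds=60)   # how close together the stops must be
MIN_SERVICES = 3                 # distinct services stopped within the window
MIN_CATEGORIES = 2               # distinct categories among those services

# Constructed sample log (not real data). Each line is
# "timestamp|event_id|message" in the wording of Event ID 7036.
# The service names are made-up placeholders.
SAMPLE_LOG = """\
2021-01-05T08:59:50|7036|The Print Spooler service entered the running state.
2021-01-05T10:15:00|7036|The ExampleBackupAgent service entered the stopped state.
2021-01-05T10:15:02|7036|The ExampleSqlServer service entered the stopped state.
2021-01-05T10:15:03|7036|The ExampleMailTransport service entered the stopped state.
2021-01-05T10:15:05|7036|The ExampleDatabaseIndexer service entered the stopped state.
2021-01-05T14:30:00|7036|The ExampleBackupAgent service entered the stopped state.
2021-01-05T14:30:01|7036|The ExampleBackupAgent service entered the running state.
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\|(?P<eid>\d+)\|The (?P<svc>.+?) service entered the (?P<state>\w+) state\.$"
)


def categorize(service_name):
    """Return the sensitive category for a service name, or None if it is not one."""
    name = service_name.lower()
    for keyword, category in SENSITIVE_KEYWORDS.items():
        if keyword in name:
            return category
    return None


def parse_stops(text):
    """Extract (timestamp, service, category) for every sensitive-service stop event."""
    stops = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group("eid") != "7036" or m.group("state") != "stopped":
            continue
        category = categorize(m.group("svc"))
        if category is None:
            continue
        stops.append((datetime.fromisoformat(m.group("ts")), m.group("svc"), category))
    return stops


def detect_bursts(stops, window=WINDOW, min_services=MIN_SERVICES,
                  min_categories=MIN_CATEGORIES):
    """Sliding-window scan: one alert per burst, raised when the thresholds are first met."""
    stops = sorted(stops)
    alerts = []
    start = 0
    for end in range(len(stops)):
        # Slide the window start forward until it fits inside the time limit.
        while stops[end][0] - stops[start][0] > window:
            start += 1
        in_window = stops[start:end + 1]
        services = {svc for _, svc, _ in in_window}
        categories = {cat for _, _, cat in in_window}
        if len(services) >= min_services and len(categories) >= min_categories:
            alerts.append({
                "start": stops[start][0],
                "end": stops[end][0],
                "services": sorted(services),
                "categories": sorted(categories),
            })
            start = end + 1  # consume this burst so it does not alert again
    return alerts


def run_sample():
    """Run the detection over the constructed sample log."""
    return detect_bursts(parse_stops(SAMPLE_LOG))


if __name__ == "__main__":
    for alert in run_sample():
        print(f"{alert['start']} - {alert['end']}: {len(alert['services'])} sensitive "
              f"services stopped ({', '.join(alert['categories'])}): "
              f"{', '.join(alert['services'])}")
```

On the sample, the four stops at 10:15 produce a single alert covering backup, database and mail services, while the lone backup-agent restart at 14:30 is ignored. Requiring both several services and several categories is what keeps a normal maintenance window (one product's services restarting together) from tripping the rule.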
Other ransomware victims so far –
Since the start of the year, several other ransomware families have been observed claiming victims.
- A data archive belonging to NameSouth was recently leaked publicly by the NetWalker group.
- A clinical laboratory named Apex fell victim to a cyberattack claimed by the DoppelPaymer ransomware group.
Ransomware was a very prominent threat throughout last year, and the trend could continue this year as well. Consequently, our internal experts suggest a proactive strategy: regular backups of important data, prompt updating of operating systems and applications with the latest patches, and caution when receiving emails from unknown senders.
To read more, please check eScan Blog