Babuk Locker: The Newest Ransomware

The New Year greets us with its latest ransomware, Babuk Locker.

The ransomware has already hit five different organizations worldwide, earning it the title of the first new enterprise ransomware of 2021. The operators of Babuk Locker are mostly targeting corporate networks.

What is Ransomware?

Ransomware is a kind of malware that encrypts the victim's files. The attacker then demands money in exchange for restoring access to the victim's data: if the victim pays, the attacker hands over the unique decryption key that unlocks the files.

Attackers choose organizations according to how much ransom they can pay, and sometimes simply by opportunity. Healthcare and education organizations are major targets because they hold huge amounts of sensitive data. Government agencies and law firms are tempting targets as well, because their data is highly sensitive.

Symptoms and Effect

Ransomware can enter a system in various ways; the most common is phishing spam. Malicious attachments arrive in the user's email disguised as important documents, and the moment the user downloads and opens one, the malware executes on the computer. Once it has taken over the system the malware can do many things, but by far the most frequent action is encrypting the user's sensitive data and files.

What’s special about Babuk Locker?

Babuk is fairly polished and uses more refined techniques than a brand-new family usually does. Chuong Dong (a student security researcher) found that the ransomware carries a hard-coded list of processes and services to terminate before it starts encrypting. It stops the VSS (Volume Shadow Copy Service), which Windows uses to keep point-in-time snapshots of files, including files that are open and in use, and deletes the existing shadow copies, so the victim cannot restore data without the decryption key the attacker holds. It also uses the Windows Restart Manager to shut down processes that hold open handles to the files it wants to encrypt, and it encrypts with multiple threads to finish quickly. For key management it uses the Elliptic-Curve Diffie-Hellman (ECDH) algorithm, so the per-victim file keys can only be recovered with the attacker's private key.

Threats similar to Babuk

  1. Like Babuk, LockBit, Conti, and Death Ransom delete Volume Shadow Copies (VSS, Volume Shadow Copy Service) so that the victim cannot recover the encrypted files from them.
  2. Conti and REvil have also been observed using the Windows Restart Manager to shut down the processes and services that hold the files they want to encrypt open.
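The shadow-copy deletion described in the two sections above is the most visible pre-encryption step, and it is a good place to detect a Babuk-style intrusion before files are lost. The following is an added example written for this page (not code from the original article or from any of the researchers it cites) of how such a detection could be run over process-creation telemetry. The log lines are constructed for the example, flattened Sysmon Event ID 1 style records; the file name `C:\Users\Public\update.exe` is invented. The rules go a little beyond the article, covering the common recovery-inhibiting commands (vssadmin, wmic shadowcopy, bcdedit, wbadmin) rather than vssadmin alone.

```python
import re
from dataclasses import dataclass

# Constructed sample of Sysmon Event ID 1 (process creation) records, flattened
# to one "key=value|key=value" line each. These are made-up log lines for this
# example, not events captured from a real Babuk infection. The parent
# process name "update.exe" is an invented placeholder.
SAMPLE_EVENTS = [
    "UtcTime=2021-01-05 10:14:02|Image=C:\\Windows\\System32\\cmd.exe|ParentImage=C:\\Users\\Public\\update.exe|CommandLine=cmd.exe /c vssadmin.exe delete shadows /all /quiet",
    "UtcTime=2021-01-05 10:14:03|Image=C:\\Windows\\System32\\wbem\\WMIC.exe|ParentImage=C:\\Users\\Public\\update.exe|CommandLine=wmic shadowcopy delete",
    "UtcTime=2021-01-05 09:58:11|Image=C:\\Windows\\System32\\vssadmin.exe|ParentImage=C:\\Windows\\System32\\cmd.exe|CommandLine=vssadmin list shadows",
    "UtcTime=2021-01-05 10:14:04|Image=C:\\Windows\\System32\\bcdedit.exe|ParentImage=C:\\Users\\Public\\update.exe|CommandLine=bcdedit /set {default} recoveryenabled No",
    "UtcTime=2021-01-05 11:02:40|Image=C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE|ParentImage=C:\\Windows\\explorer.exe|CommandLine=\"WINWORD.EXE\" /n",
]

# Detection rules: (name, regex over the normalized command line).
# Only destructive verbs are matched; "vssadmin list shadows" is a normal
# administrative query and must not fire.
RULES = [
    ("vssadmin_delete_shadows", re.compile(r"\bvssadmin(\.exe)?\s+delete\s+shadows\b")),
    ("wmic_shadowcopy_delete", re.compile(r"\bwmic(\.exe)?\s+shadowcopy\s+delete\b")),
    ("bcdedit_disable_recovery", re.compile(r"\bbcdedit(\.exe)?\s+.*recoveryenabled\s+no\b")),
    ("wbadmin_delete_catalog", re.compile(r"\bwbadmin(\.exe)?\s+delete\s+catalog\b")),
]


@dataclass
class Hit:
    time: str
    rule: str
    parent_image: str
    command_line: str


def parse_event(line):
    """Split one flattened record into a dict of its key=value fields."""
    fields = {}
    for part in line.split("|"):
        key, _, value = part.partition("=")
        fields[key] = value
    return fields


def normalize(cmd):
    """Collapse whitespace and case-fold so spacing/case tricks do not evade the rules."""
    return re.sub(r"\s+", " ", cmd).strip().lower()


def detect_recovery_inhibition(lines):
    """Return one Hit per event whose command line matches a recovery-inhibition rule."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        cmd = normalize(ev.get("CommandLine", ""))
        for name, pattern in RULES:
            if pattern.search(cmd):
                hits.append(Hit(ev.get("UtcTime", ""), name,
                                ev.get("ParentImage", ""), ev["CommandLine"]))
                break
    return hits


def suspicious_parents(hits):
    """Group hits by parent process and keep parents that triggered two or more
    distinct rules. Several different recovery-inhibiting commands spawned by the
    same unexpected parent within seconds is the pre-encryption pattern the
    article describes; a lone vssadmin call may just be an administrator."""
    by_parent = {}
    for h in hits:
        by_parent.setdefault(h.parent_image, set()).add(h.rule)
    return {p: rules for p, rules in by_parent.items() if len(rules) >= 2}


if __name__ == "__main__":
    found = detect_recovery_inhibition(SAMPLE_EVENTS)
    for h in found:
        print(f"{h.time}  {h.rule:<26} parent={h.parent_image}  cmd={h.command_line}")
    for parent, rules in suspicious_parents(found).items():
        print(f"ALERT: {parent} issued {len(rules)} recovery-inhibiting commands: {sorted(rules)}")
```

On the constructed sample the three destructive commands are flagged, the benign `vssadmin list shadows` is not, and the grouping step ties all three hits back to the same parent, which is the signal worth alerting on rather than any single command.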

Preventing threats from ransomware like Babuk Locker

One can adopt the following defensive measures against this malware:

  1. Keep the operating system and applications up to date with security patches.
  2. Install antivirus software; it detects and warns of the presence of malicious programs.
  3. Use application whitelisting (allow-listing) software so that unauthorized programs are not permitted to execute.
  4. Organizations should encrypt their data and safeguard the encryption keys.
  5. Last but not least, take frequent, automatic backups of files and folders, and keep copies offline or otherwise out of the malware's reach, since ransomware like Babuk deletes the shadow copies it can find on the infected machine.

