Warning: Babuk Locker Ransomware is Active Again, Attacking the World
Babuk Locker is a ransomware operation born in early 2021, targeting companies, stealing their data and extorting money.
After carrying out an attack on Washington DC's Metropolitan Police Department (MPD), the ransomware gang ceased operations in April and switched to a model of non-encrypted data extortion under the name PayLoad Bin.
Last week, security researcher Kevin Beaumont discovered someone had uploaded the Babuk operation's ransomware generator to VirusTotal.
Creating custom ransomware is simple. All the threat agent has to do is modify the accompanying note, including contact information. Then run the executable to create a custom ransomware encoder and decoder that targets Windows, VMware ESXi, Network Attached Storage (NAS) x86, and an ARM NAS device.
Soon after this ransomware generator leaked online, a threat actor started using it to launch a ransomware campaign.
On June 29, on Reddit, a victim reported they were hacked by software claiming to be "Babuk Locker".
BleepingComputer quoted security researcher MalwareHunterTeam as saying, starting June 29, ID Ransomware received a spike in Babuk Locker.
Victims come from all over the world, and ransom notes are all sent from the email address of the threater.
Like the original operation, this ransomware attack adds the .babyk extension to the encrypted file name and issues a ransom note called How To Restore Your Files.txt.
Compared to asking for hundreds of thousands and millions of USD in the first operation, this time they only demanded 210 USD from the victim.
Locker uses a dedicated Tor payment site to negotiate with victims. However, the new attacks are using email, specifically babukransom@tutanota.com, to communicate with victims.
It's not clear how the ransomware is being spread, but there is a thread where victims can share more information about the Babuk Locker attack.
You should read it
- What is Ransomware Screen Locker? How to remove?
- New ransomware strain discovered using leaked Windows and Linux encryption
- This is the world's fastest ransomware, encrypting 53GB of data in just over 4 minutes
- 7 kinds of ransomware you didn't expect
- How to hide folders and data on Windows 10 Mobile
- List of the 3 most dangerous and scary Ransomware viruses
- Ransomware can encrypt cloud data
- General guidelines for decoding ransomware
- What is Ransomware Task Force (RTF)?
- [Infographic] 7 effective ways to protect businesses from Ransomware
- How to decode ransomware InsaneCrypt (Everbe 1.0)
- Why is Ransomware the perfect hack?
Maybe you are interested
Dangerous 'Helldown' Ransomware Warning Expands to Linux and VMware
Detecting a new ransomware strain that specializes in stealing login information from the Chrome browser
What is extortionware? How is it different from Ransomware?
New ransomware appears attacking Windows operating system
Difference between Cyber Extortion and Ransomware
How to enable ransomware restrictions on Windows