Only five days into 2021, a new ransomware family has already come into the limelight: Babuk Locker.
The ransomware uses its own implementation of SHA256 encryption, called “ChaCha8”, together with Elliptic-curve Diffie-Hellman key generation to protect its keys and encrypt files.
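The key-protection design the article attributes to Babuk (an elliptic-curve Diffie-Hellman agreement guarding a per-file stream-cipher key) is the standard hybrid construction, and the following added example shows why it matters to a defender: the encrypted file carries only an ephemeral public key, so recovering the file key requires the key holder's private key, which never has to be present on the affected machine. This is illustrative code written for this article, not Babuk's code and not derived from it. It is pure Python using X25519 (RFC 7748) as the curve and an 8-round ChaCha as the stream cipher (ChaCha8 is the 8-round variant of the ChaCha stream cipher); the function names, the SHA-256 key derivation, the 12-byte nonce layout and the blob layout are assumptions of this example, not Babuk's formats.

```python
import hashlib
import os
import struct

# ---- X25519 (RFC 7748) scalar multiplication, pure Python ----
P = 2**255 - 19
A24 = 121665
BASEPOINT = (9).to_bytes(32, "little")


def _clamp(k: bytes) -> int:
    k = bytearray(k)
    k[0] &= 248
    k[31] &= 127
    k[31] |= 64
    return int.from_bytes(k, "little")


def x25519(scalar: bytes, point: bytes) -> bytes:
    """Montgomery ladder exactly as in RFC 7748 section 5."""
    k = _clamp(scalar)
    u = bytearray(point)
    u[31] &= 127
    x1 = int.from_bytes(u, "little") % P
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * (da - cb) ** 2 % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


# ---- ChaCha stream cipher with a configurable round count (ChaCha8 = 8 rounds) ----
MASK = 0xFFFFFFFF


def _rotl(v: int, c: int) -> int:
    return ((v << c) | (v >> (32 - c))) & MASK


def _quarter_round(s, a, b, c, d):
    s[a] = (s[a] + s[b]) & MASK; s[d] = _rotl(s[d] ^ s[a], 16)
    s[c] = (s[c] + s[d]) & MASK; s[b] = _rotl(s[b] ^ s[c], 12)
    s[a] = (s[a] + s[b]) & MASK; s[d] = _rotl(s[d] ^ s[a], 8)
    s[c] = (s[c] + s[d]) & MASK; s[b] = _rotl(s[b] ^ s[c], 7)


def chacha_block(key: bytes, nonce: bytes, counter: int, rounds: int) -> bytes:
    """One 64-byte keystream block; RFC 7539 layout (32-bit counter, 96-bit nonce)."""
    state = list(struct.unpack("<4I", b"expand 32-byte k") + struct.unpack("<8I", key)
                 + (counter,) + struct.unpack("<3I", nonce))
    w = state[:]
    for _ in range(rounds // 2):  # each double round = 4 column + 4 diagonal quarter rounds
        for q in ((0, 4, 8, 12), (1, 5, 9, 13), (2, 6, 10, 14), (3, 7, 11, 15),
                  (0, 5, 10, 15), (1, 6, 11, 12), (2, 7, 8, 13), (3, 4, 9, 14)):
            _quarter_round(w, *q)
    return struct.pack("<16I", *((w[i] + state[i]) & MASK for i in range(16)))


def chacha_xor(key: bytes, nonce: bytes, data: bytes, rounds: int = 8) -> bytes:
    """Encrypt or decrypt (same operation) by XOR-ing data with the keystream."""
    out = bytearray()
    for off in range(0, len(data), 64):
        ks = chacha_block(key, nonce, off // 64, rounds)
        out += bytes(x ^ y for x, y in zip(data[off:off + 64], ks))
    return bytes(out)


# ---- Hybrid construction: an ECDH-derived key protects each file's stream-cipher key ----
def seal(recipient_pub: bytes, plaintext: bytes) -> bytes:
    """Output layout (assumed for this example): eph_pub (32) | nonce (12) | ciphertext."""
    eph_priv = os.urandom(32)                      # fresh per file, discarded afterwards
    eph_pub = x25519(eph_priv, BASEPOINT)
    file_key = hashlib.sha256(x25519(eph_priv, recipient_pub)).digest()  # KDF is an assumption
    nonce = os.urandom(12)
    return eph_pub + nonce + chacha_xor(file_key, nonce, plaintext)


def unseal(recipient_priv: bytes, blob: bytes) -> bytes:
    """Only the holder of recipient_priv can rebuild file_key from the stored eph_pub."""
    eph_pub, nonce, ct = blob[:32], blob[32:44], blob[44:]
    file_key = hashlib.sha256(x25519(recipient_priv, eph_pub)).digest()
    return chacha_xor(file_key, nonce, ct)
```

Run `unseal(priv, seal(x25519(priv, BASEPOINT), data))` with a 32-byte `priv` to see the round trip; decrypting with any other private key yields only keystream noise. Nothing recoverable from disk or memory after the run (the ephemeral private key is gone, the file key was never stored) substitutes for the holder's private key, which is why the "upload a sample file in the chat" step in such schemes works for the operator and why a response plan has to rest on backups rather than on key recovery. The example deliberately omits authentication (no MAC), so it is a teaching sketch of the key flow, not a complete file format.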
Babuk Locker has amassed a small list of victims around the world, with ransom demands varying between $60,000 and $85,000 in bitcoin. Each attack is said to be customized per victim, including a hardcoded extension, ransom note and Tor victim URL.
Babuk Locker, like other typical ransomware, includes the theft of data with the threat that, if the ransom is not paid, the stolen data will be published online. Those behind Babuk Locker are currently publishing stolen data on a hacking forum rather than on their own dedicated leak site.
“Babuk is the latest to hit the radar and it looks like the ‘threat actors’ spent all of their Christmas money on pieces of code that they cobbled together to create this ransomware.” “Some of the code is well done and other areas, like multithreading, are elementary. I suspect they ran out of money to buy good code and instead pieced together what they had with bubble gum and baling wire,” experts added.
If victims try to pay the ransom, they must upload files in a chat so that the hackers can make sure they can decrypt the files, and there’s likely a high failure rate. “Will they make money? Absolutely,” he said. “But like many fads, this will be a thing of the past in a few months and will not generate a lot of money long-term. Until then, stay away from 32-bit .exe files,” he warned.