SentinelOne cybersecurity experts: It's a new threat actor, leveraging multi-component and multi-protocol malware, a backdoor.
Chuong Dong: Babuk is a new ransomware that appeared in the wild at the beginning of 2021. Its strong encryption scheme, which utilizes the Elliptic-curve Diffie–Hellman algorithm, has proven effective in attacking a lot of companies so far.
Babuk is a new ransomware that appeared in the wild at the beginning of 2021 and was discovered and analyzed by the security researcher Chuong Dong. The malware uses several techniques already seen in other families: multi-threaded encryption, and abuse of the Windows Restart Manager to shut down processes holding handles to the files it wants to encrypt, similar to Conti and REvil. For its encryption scheme, Babuk relies on its own implementations of SHA256 hashing, ChaCha8 stream encryption, and Elliptic-curve Diffie–Hellman (ECDH) key generation and exchange to protect its keys and encrypt files; the practical consequence of the ECDH construction is that the per-file keys can only be rebuilt by whoever holds the attacker's private key, so recovery without paying depends on an implementation flaw rather than on brute force. Like many ransomware families before it, it can also spread its encryption to network shares by enumerating the available network resources. The malware runs with or without command-line parameters; if none is given, it is restricted to encrypting the local machine only. Its strong, ECDH-based encryption scheme has proven effective against a lot of companies so far.
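The following is an added example, written for this page and not code from Babuk or from Chuong Dong's analysis, showing how the three primitives named above (Curve25519 ECDH, SHA256, ChaCha8) combine into a per-file hybrid scheme of this kind and why only the attacker's private key can undo it. X25519 follows RFC 7748 and ChaCha follows the RFC 8439 state layout run for 8 rounds; the key-and-nonce derivation (SHA256 of the shared secret, nonce from a second hash), the 96-bit nonce layout, and the "ephemeral public key appended as a footer" file format are assumptions made for illustration, not details the page states about Babuk.

```python
import hashlib
import os
import struct

# --- X25519 (RFC 7748 Montgomery ladder) implemented in pure Python ---
P = 2**255 - 19
A24 = 121665
BASEPOINT = (9).to_bytes(32, "little")

def _clamp(scalar: bytes) -> int:
    b = bytearray(scalar)
    b[0] &= 248
    b[31] &= 127
    b[31] |= 64
    return int.from_bytes(b, "little")

def x25519(scalar: bytes, point: bytes) -> bytes:
    """Return scalar * point on Curve25519 (u-coordinate only), RFC 7748 ladder."""
    k = _clamp(scalar)
    u = int.from_bytes(point, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, u, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3 = (da + cb) ** 2 % P
        z3 = u * ((da - cb) ** 2) % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

# --- ChaCha with a configurable round count; rounds=8 gives ChaCha8 ---
def _rotl(v: int, n: int) -> int:
    return ((v << n) & 0xFFFFFFFF) | (v >> (32 - n))

def _qr(s: list, a: int, b: int, c: int, d: int) -> None:
    s[a] = (s[a] + s[b]) & 0xFFFFFFFF; s[d] = _rotl(s[d] ^ s[a], 16)
    s[c] = (s[c] + s[d]) & 0xFFFFFFFF; s[b] = _rotl(s[b] ^ s[c], 12)
    s[a] = (s[a] + s[b]) & 0xFFFFFFFF; s[d] = _rotl(s[d] ^ s[a], 8)
    s[c] = (s[c] + s[d]) & 0xFFFFFFFF; s[b] = _rotl(s[b] ^ s[c], 7)

def chacha_xor(key: bytes, nonce: bytes, data: bytes, rounds: int = 8) -> bytes:
    """XOR data with a ChaCha keystream (RFC 8439 layout: 32-bit counter, 96-bit nonce)."""
    base = list(struct.unpack("<4I", b"expand 32-byte k") + struct.unpack("<8I", key)
                + (0,) + struct.unpack("<3I", nonce))
    out = bytearray()
    for off in range(0, len(data), 64):
        base[12] = off // 64          # block counter
        w = base[:]
        for _ in range(rounds // 2):  # one column round + one diagonal round per iteration
            _qr(w, 0, 4, 8, 12); _qr(w, 1, 5, 9, 13); _qr(w, 2, 6, 10, 14); _qr(w, 3, 7, 11, 15)
            _qr(w, 0, 5, 10, 15); _qr(w, 1, 6, 11, 12); _qr(w, 2, 7, 8, 13); _qr(w, 3, 4, 9, 14)
        ks = struct.pack("<16I", *((w[i] + base[i]) & 0xFFFFFFFF for i in range(16)))
        out += bytes(x ^ y for x, y in zip(data[off:off + 64], ks))
    return bytes(out)

# --- Per-file hybrid scheme (layout and derivation are assumptions for illustration) ---
def derive_keys(shared_secret: bytes) -> tuple:
    """SHA256(shared secret) -> ChaCha8 key; nonce taken from a second hash (assumed)."""
    key = hashlib.sha256(shared_secret).digest()
    nonce = hashlib.sha256(key).digest()[:12]
    return key, nonce

def encrypt_blob(plaintext: bytes, attacker_pub: bytes, ephemeral_priv: bytes = None) -> bytes:
    """Fresh key pair per file; only the ephemeral public key survives, appended as a footer."""
    ephemeral_priv = ephemeral_priv or os.urandom(32)
    ephemeral_pub = x25519(ephemeral_priv, BASEPOINT)
    shared = x25519(ephemeral_priv, attacker_pub)
    key, nonce = derive_keys(shared)
    return chacha_xor(key, nonce, plaintext) + ephemeral_pub  # ephemeral_priv is discarded

def decrypt_blob(blob: bytes, attacker_priv: bytes) -> bytes:
    """Recovery needs the attacker's static private key to rebuild the same shared secret."""
    ciphertext, ephemeral_pub = blob[:-32], blob[-32:]
    key, nonce = derive_keys(x25519(attacker_priv, ephemeral_pub))
    return chacha_xor(key, nonce, ciphertext)

if __name__ == "__main__":
    attacker_priv = os.urandom(32)                # constructed demo key pair
    attacker_pub = x25519(attacker_priv, BASEPOINT)
    sample = b"constructed sample file contents " * 4
    blob = encrypt_blob(sample, attacker_pub)
    assert decrypt_blob(blob, attacker_priv) == sample
    print("encrypted", len(sample), "bytes; footer public key:", blob[-32:].hex())
```

The point to take from the example is structural: the victim's machine only ever holds the attacker's public key and a throwaway per-file scalar, so nothing left on disk or in memory after encryption is enough to recompute the shared secret. A decryptor therefore has to come from the attacker's private key or from a flaw in how a given sample implements these steps (reused or poorly generated ephemeral scalars, key material left in memory, a broken ladder), which is exactly what an analyst checks for when looking at a ransomware binary's crypto.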