What Is Babuk Ransomware? The New, Evolving Malware
Babuk ransomware was discovered fairly recently, in early 2021, but it hasn’t taken long for this destructive new malware to gain notoriety. Known by its Russian spelling, Babyk, in other countries, Babuk ransomware has made a name for itself through several high-profile attacks, and has extorted at least $85,000 from its victims to date.
Despite its successes, Babuk isn’t considered a sophisticated malware. It has a number of bugs and doesn’t obfuscate its code, a tactic most threat actors use to prevent others from understanding it. But this doesn’t mean Babuk ransomware isn’t dangerous. Some victims have had their files corrupted beyond repair, while others have had their private data published on the internet and dark web.
In order to protect yourself, it’s important to learn more about Babuk ransomware, including what Babuk ransomware is, what it does, and how it spreads.
What Does Babuk Ransomware Do?
So, what is Babuk ransomware and what exactly does it do? Like other ransomwares, Babuk gains access to a system, then holds the system or its data hostage until the victim pays a predetermined fee.
At first, the Babuk group used file encryption to gain leverage over its victims but, because the ransomware wasn’t particularly advanced, they weren’t always successful. The ransomware corrupted some machines beyond repair, which meant that even if the victims paid, they wouldn’t be able to get their files back, essentially destroying any incentive to pay the ransom.
However, after a failed attack on the District of Columbia’s Metropolitan Police Department (MPD) in April 2021, the group experienced an internal divide that eventually led to a new approach. Babuk’s admin wanted to leak MPD data for publicity, but others felt this went too far. The second faction split and formed a new group, Babuk V2. As a result of this event and other failures in the ransomware, the group announced that it would focus on data theft and extortion rather than system encryption. The group would publish the data of any victim who didn’t pay their ransom.
On underground forums, the group has said they won’t target charitable organizations or businesses making less than $4 million a year, but they’ve exempted social justice groups supporting LGBTQ and BLM causes from these rules. These organizations, as well as organizations within the healthcare, manufacturing, and logistics industries, should be on the lookout for potential threats.
How Does Babuk Ransomware Spread?
Babuk ransomware operates under a ransomware-as-a-service (RaaS) model, in which an author creates malware and sells it to affiliates who can use it however they wish. Babuk attacks
tend to occur in three stages—initial access, network propagation, and action on objectives—and Babuk cybercriminals use three entry vectors to deliver the malware payload:
In summary, Babuk uses similar methods as other RaaS products to exploit a system. It’s believed Babuk could even be related to Vasa Locker ransomware due to shared ransom notes, codebases, and dropped artifacts.
How To Protect Yourself From Babuk Ransomware
To avoid a Babuk attack, it's important to have ample protections in place, like updated antivirus software and two-factor authentication for all system accounts. As always, you should avoid opening any suspicious emails or messages, and be extremely wary of any links or attachments within them. Finally, by regularly updating your software, you can make sure any vulnerabilities are patched and your system is protected from threats.
Now that you have a better understanding of what Babuk ransomware is and how it works, it’s now time to learn more about ransomware in general. Check out What Is Ransomware? on our blog for insight into this serious threat.
Become proactive with securing and protecting your digital assets to help prevent being held hostage by bad actors. SiteLock can help with our solutions to detect, remove, or restore a website that's been damaged by malware. Contact us today for details about our web security products.