UPDATED 21:52 EST / JANUARY 05 2021

Babuk Locker emerges as the first new form of ransomware in 2021

Five days into 2021, already a new form of ransomware has emerged: Babuk Locker.

First detailed Sunday by Chuang Dong, the ransomware uses its own implementation of SHA256 encryption called “ChaCha8” and also uses Elliptic-curve Diffie-Hellman (ECDH) key generation to protect its keys and encrypt files. SHA256 is an encryption standard that has its roots with the U.S. National Security Agency, while ECDH is an anonymous key agreement scheme.

Bleeping Computer reported that Babuk Locker has amassed a small list of victims around the world, with ransom demands varying between $60,000 and $85,000 in bitcoin. Each attack is said to be customized on a per-victim basis, including a hardcoded extension, ransom note and a Tor victim URL.

Typical of the most prevalent forms of ransomware last year, Babuk Locker includes the theft of data with the threat that if a ransom is not paid, the stolen data will be published online. Those behind Babuk Locker are currently publishing stolen data on a hacking forum rather than their own dedicated leak site.

“Babuk is the latest to hit the radar and it looks like the ‘threat actors’ spent all of their Christmas money on pieces of code that they cobbled together to create this ransomware,” Lamar Bailey, senior director of security research at cybersecurity firm Tripwire Inc., told SiliconANGLE. “Some of the code is well done and other areas, like multithreading, is elementary. I suspect they ran out of money to buy good code and instead, pieced together what they had with bubble gum and baling wire.”

Bailey explained that if victims try to pay the ransom, they must upload files in a chat so that the hackers can make sure they can decrypt the files, and there’s likely a high failure rate. “Will they make money? Absolutely,” he said. “But like many fads, this will be a thing of the past in a few months and will not generate a lot of money long-term. Until then, stay away from 32-bit .exe files.”
