2021 Sees its First Ransomware Family

2021 Sees its First Ransomware Family

Babuk Locker became the first new ransomware family of the year and has been observed targeting a number of victims around the world. It uses multithreading encryption and abuses Windows Restart Manager. After encryption, it demands ransom ranging between $60,000 and $85,000 in Bitcoin.

What has been discovered?


Babuk Locker is following the same path paved by other well-known ransomware families - the double extortion path. 


To date, Babuk Locker has five known victims from around the world, including an office furniture firm, car parts manufacturer, medical testing products manufacturer, elevator/escalator company, and a U.S.-based air conditioning company.
Each Babuk Locker executable has been customized on a per-victim basis that includes a hardcoded extension, Tor victim URL, and ransom note. Although the coding is amateurish, the encryption is secure.

Modus Operandi


When executed, a command-line argument is used to control how the ransomware should encrypt network shares, and whether they should be encrypted before the local file system.
When launched, the ransomware terminates multiple Windows services and processes that may prevent encryption. The terminated services include email clients, database servers, backup software, mail servers, and web browsers.

More ransomware victims this year


At the beginning of 2021, several other ransomware families have been observed targeting several victims.


Recently, a data archive belonging to NameSouth has been publicly leaked by the NetWalker group.
Apex, a clinical laboratory, fell victim to a ..

Support the originator by clicking the read the rest link below.