Researcher Chuong Dong has uncovered a new ransomware operation called Babuk that launched at the beginning of 2021 and has since amassed a small list of victims from around the world. It uses some of the new techniques he has seen elsewhere, such as multi-threaded encryption and abuse of the Windows Restart Manager, similar to Conti and REvil.
We see business fads all the time like frozen yogurt shops, tanning salons, subscription boxes, etc. In security, ransomware is the current fad and everybody wants in to turn a quick profit. Babuk is the latest to hit the radar, and it looks like the “threat actors” spent all of their Christmas money on pieces of code that they cobbled together to create this ransomware. Some of the code is well done and other areas, like multithreading, are elementary. I suspect they ran out of money to buy good code and instead pieced together what they had with bubble gum and baling wire. If the victim tries to pay the ransom, they must upload files in a chat so that the “hackers” can make sure they are able to decrypt the files. I expect there is a pretty high failure rate. Will they make money? Absolutely. But like many fads, this will be a thing of the past in a few months and will not generate a lot of money long-term. Until then, stay away from 32-bit exe files.