A new form of ransomware has already emerged and we are not even a week into 2021. Babuk Locker is the name given to the new variant. The first details came out last weekend from Chuong Dong.
The ransomware has its SHA256 encryption (called ChaCha8) implemented and uses Elliptic-curve Diffie-Hellman (ECDH) key generation to protect keys and encrypt files.
SHA256 is an encryption standard that was conceived in the depths of the National Security Agency (NSA), while ECDH is an anonymous key agreement scheme. Bleeping Computer reported that the ransomware has already gotten its fair share of victims all over the world.
The hackers are in operation
The ransom demands have varied between $60,000 and $85,000, paid in Bitcoin. Each attack is customized for its victim and includes a hardcoded extension, a Tor victim URL, and a ransom note.
As with most of the ransomware types out there, Babuk Locker steals data with the threat that if the ransom is not delivered, the data will be published all over the internet.
The people behind Babuk Locker are already publishing stolen data on a hacking forum, rather than on a website of their own dedicated to their exploits. It would seem that Babuk Locker is the new kid on the block and targets now have one more threat to keep an eye on.
Lamar Bailey, the senior director of security research at Tripwire (a cybersecurity firm), said that Babuk is the latest to hit the radar and appears to be a cobbling together of pieces of code that make up its structure.
If the victims try to pay the ransom, they will have to upload files in a chat so the hackers can decrypt them, possibly with a high failure rate.
The hackers will make money but this too shall pass. Stay away from 32-bit .exe files for now.