The ransomware group's decryption tool is poorly designed and coded, leading the group to focus more on data theft rather than encryption, researchers report.
The Babuk ransomware gang, which recently announced plans to target Linux/Unix systems in addition to ESXi and VMware systems, is changing its tactics after errors in its code led to issues with decrypting data, researchers report.
For a long time, ransomware operators were primarily focused on Windows, wrote Thibault Seret, security researcher at McAfee, and Noël Keijzer, who works in digital forensics and incident response at Northwave. Now criminals have begun to experiment with writing binaries in the cross-platform language Golang (Go), and some ransomware groups, such as Babuk, have branched out to target other operating systems.
Babuk recently announced on an underground forum it would be developing a cross-platform binary for these *nix operating systems. "Our worst fears were confirmed," the researchers said, noting many core backend systems in organizations run these operating systems. While Babuk is relatively new, its affiliates have "aggressively" targeted high-profile victims despite problems with the binary that led to issues with decryption, even after the companies paid.
"Ultimately, the difficulties faced by the Babuk developers in creating ESXi ransomware may have led to a change in business model, from encryption to data theft and extortion," they explained. The design and coding of the encryption tool are poorly developed, meaning if a victim pays, decryption can be slow, and there is no guarantee that all files will be recovered.
Read the full blog post and technical analysis for more details.