Home Malware Programs Ransomware Babuk Locker Ransomware

Babuk Locker Ransomware

Posted: January 5, 2021

The Babuk Locker Ransomware is a file-locking Trojan that has no known family. Its campaign blocks files on Windows systems and redirects victims to a TOR site for ransom-based recovery. Windows users in general and businesses should have backups of their own for restoration and let their chosen security service brand delete the Babuk Locker Ransomware.

Trojans Taking Every Precaution against Foolish Companies

The Babuk Locker Ransomware is a Windows Trojan whose recent identification comes as a mild surprise since it's a business entity-targeting threat without any connections to previous Trojan projects or families. It's possibly etymologically based on the Malay word for 'stupid' or 'foolish.' the Babuk Locker Ransomware implements considerably-broad features for wiping out users' media files and holding them as encryption-locked hostages. Its monetization model is standard, even if much else about it is far from it.

The Babuk Locker Ransomware locks the infected system's documents and other valuable media by converting each file with an SHA-256 hash, a variant of ChaCha encryption and private ECDH keys. Recovery of the non-opening files requires the threat actor's assistance, thanks to the key-based security. Interestingly, the Babuk Locker Ransomware also uses what might be a randomly-generated extension for files ('.__NIST_K571__').

The Babuk Locker Ransomware's threat actor traffics in anonymous TOR website-based ransoms for their decryption tool. They also leverage considerably-more attacks for supporting the extortion than some comparable Trojans, including:

  • Encryption of non-local drives (such as wireless network ones)
  • Closing any programs that interfere with the encryption routine, such as browsers or office productivity applications
  • Erasing the local Shadow Copy data (the Restore Points)
  • Deleting the Registry's intranet and proxy settings

These features make the Babuk Locker Ransomware into a comprehensive package for compromising an optimal amount of data after the attacker breaches a server or network.

Worthy Safety Steps against a Trojan's Kind of Business

Workers should have appropriate training on avoiding the more prolific infection vectors for file-locker Trojans' campaigns. Many businesses experience breaches after an employee opens a disguised e-mail attachment or link to a document with macros or 'advanced' content, especially. Password security and software updates are critical to keeping a target from being too easily accessible to remote attackers that use brute-force software or similar black hat utilities equally.

There isn't a free decryption tool for the Babuk Locker Ransomware, and malware analysts don't anticipate them for most professionally-maintained Trojan families. Since reversing encryption is infrequent with business entity-targeting threats, companies should prepare redundant and up-to-date backups on additional devices. Home users also can benefit from a cloud or USB backup; encryption features like the Babuk Locker Ransomware's work just as well against a home PC as an entire company's servers.

A minor bright spot in the Babuk Locker Ransomware campaign is that its threat actors don't waste time implementing identity-obfuscating features, for now. Most PCs with appropriate security products should remove the Babuk Locker Ransomware as a danger before attacks load.

The Babuk Locker Ransomware is a strong contender in a field that's full of both simplistic and credibly-threatening rivals, from the Xorist Ransomware up to Dharma Ransomware's RaaS. While there's no verifiable price for its unlocker, companies shouldn't need to do much math to realize that an ounce of prevention will pay off for data security.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Babuk Locker Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria .

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.