Analysis of the Babuk ransomware

On 29-07-2021 a report on the Babuk ransomware was published. The technical analysis, written by Noël Keijzer (Northwave) and Thibault Seret (McAfee), covers the phases of the attack, the tactics used by the threat actor, and the flaws in the Babuk ransomware.

The unique element of this Babuk ransomware attack was that, rather than targeting the Windows systems themselves, it targeted the (ESXi) hypervisors hosting those Windows systems.

Find the full technical report here (additional information can be found on their blog page).

What does this discovery mean?

There is reason to believe that we were dealing with a rather inexperienced attacker: the ransomware had various flaws that made data recovery impossible in some situations, leaving some victims unable to retrieve their data even after paying the ransom. Presumably this is also why the attackers changed course, moving from the traditional execution of ransomware to extortion.

The fact of the matter is that, although the ransomware is flawed and the attacker may be inexperienced and even shifting their approach, the data of organisations is still at risk.

Fortunately, there are various ways to adequately protect your data. Northwave advises organisations to:

1. Install updates
2. Use multi-factor authentication
3. Make backups frequently and test backup recovery
4. Monitor and secure your endpoints

Interested in learning more about securing your data? Get in touch with our experts.