Original Release Date: 1/7/2021
The first new ransomware variant of 2021, dubbed Babuk Locker, has been identified by researchers. Babuk Locker uses new techniques such as multi-threaded encryption and abuse of the Windows Restart Manager. Encrypted files currently have the hardcoded extension .__NIST_K571__ appended, and the ransom note is named “How To Restore Your Files.txt.” Similar to other popular ransomware variants, the threat actors behind the new strain name their victims in posts on a hacker forum and plan to launch a dedicated leak site shortly. At the time of this writing, the infection vector is not known, and attacks have been sporadic without a focus on any specific sector. Many cybersecurity researchers indicate that the number of ransomware attacks will likely increase in 2021, with the healthcare and education sectors heavily targeted.
The NJCCIC advises using a defense-in-depth cybersecurity strategy, security awareness training, and human-based threat hunting to help detect and block these attacks. Recommendations can be found in the NJCCIC Mitigation Guide, Ransomware: Risk Mitigation Strategies. Further technical details and IOCs can be found in the Bleeping Computer article.
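The two file-system indicators named in this advisory, the .__NIST_K571__ extension and the ransom note file name, can be swept for during a threat hunt. The script below is an added example, not NJCCIC or Bleeping Computer code; its function names, the high/low triage split and the sample directory tree are constructed for illustration.

```python
import os
import sys
import tempfile
from collections import defaultdict

# Indicators from the advisory, lower-cased (Windows names are case-insensitive).
ENCRYPTED_SUFFIX = ".__nist_k571__"
RANSOM_NOTE = "how to restore your files.txt"


def hunt(root):
    """Map each directory under root to the indicators found in it."""
    hits = defaultdict(lambda: {"encrypted": [], "note": False})
    def warn(err):  # surface unreadable directories; a silent skip is a blind spot
        print(f"skipped {err.filename}", file=sys.stderr)
    for dirpath, _dirs, files in os.walk(root, onerror=warn):
        for name in files:
            lowered = name.lower()
            if lowered.endswith(ENCRYPTED_SUFFIX):
                hits[dirpath]["encrypted"].append(name)
            elif lowered == RANSOM_NOTE:
                hits[dirpath]["note"] = True
    return dict(hits)


def triage(hits):
    """Return (high, low): note and encrypted files together vs. a lone match."""
    high = sorted(d for d, h in hits.items() if h["note"] and h["encrypted"])
    low = sorted(d for d in hits if d not in high)
    return high, low


def demo():
    """Hunt a constructed sample tree (offline); return (high, low) folder names."""
    layout = {"finance": ["q4.xlsx.__NIST_K571__", "How To Restore Your Files.txt"],
              "hr": ["notes.docx", "HOW TO RESTORE YOUR FILES.TXT"],
              "clean": ["readme.md"]}
    with tempfile.TemporaryDirectory() as tmp:
        for folder, names in layout.items():
            os.makedirs(os.path.join(tmp, folder))
            for name in names:
                open(os.path.join(tmp, folder, name), "w").close()
        high, low = triage(hunt(tmp))
        return [os.path.basename(d) for d in high], [os.path.basename(d) for d in low]


if __name__ == "__main__":
    high, low = triage(hunt(sys.argv[1])) if len(sys.argv) > 1 else demo()
    print("note + encrypted files:", high, "| single indicator only:", low)
```

Run with a path argument to sweep a real share or volume; with no argument it runs against the constructed sample tree. Because the advisory describes the extension as hardcoded "currently", treat a clean result as valid only for this build of the ransomware.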