McAfee experts released a report in which they analysed the Babuk decryptor and reported that it does not work and corrupts victims’ data.The researchers also analyzed the activities of the Babuk ransomware, and came to the conclusion that attempts to make the malware cross-platform and use it against Linux/UNIX and ESXi or VMware have failed.
Let me remind you that at the beginning of the year, the creators of Babuk reported that they had developed a version of the ransomware for *nix, since many backends in large companies do not run under Windows at all.
However, according to the researchers, the ransomware was written with many errors that “led to irreversible data corruption.”
Thus, even if the victim agrees to pay the ransom to the hackers, it will not be possible to decrypt the affected files. Experts hope that this will ultimately affect the relationship of Babuk developers with “partners” who are directly involved in attacks and infect networks of victims with malware. If victims would not get their data back even after paying the ransom, their rage will turn to Babuk’s “partners”.
Since destroying data instead of encrypting it is less profitable from the point of view of criminals, experts believe that the complete inoperability of the *nix version of Babuk and the decryptor that forced hackers to switch to data theft and extortion, abandoning encryption.
Let me remind you that earlier this year, Babuk’s operators announced that they were shutting down (after a loud attack on the Washington police department). It is believed that the hackers renamed their “leak site” to Payload.bin, and were ready to provide it to other criminals as a third-party hosting, where someone’s files can be leaked without starting their own site for this purpose, as well as a platform on which ransomware, access brokers and other criminals will be able to “meet”. Indeed, recently, almost all major hack forums have banned any discussion related to ransomware. However, it seems that the group is not doing very well, and the forum was unable to gain popularity, but was subjected to DDoS attacks and suffered from various bugs.
As for the failed Babuk decryptor, the researchers tell the following about it:
User Review( votes)