Skip to main content


Home Babuk

Babuk

Also known as: Babyk, Vasa Locker

Category: Malware

Type: Ransomware

Platform: Windows, Linux

Damage potential: Data encryption and loss, data breach, financial loss, operational disruption, reputational damage

Overview

Babuk is a ransomware family that targets corporate networks. Once on a system, Babuk quickly encrypts files, and attackers demand payment in exchange for a decryption key. If the victim refuses to pay, attackers threaten to publish the stolen data. Babuk was first spotted in 2021 and has been a threat to companies ever since.

Possible symptoms

The most obvious signs of a Babuk infection are inaccessible files and a ransom note. You may also notice slower system performance, unusual network activity, or suspicious processes in the task manager.

Sources of the infection

Phishing emails, vulnerabilities in outdated software or the Remote Desktop Protocol (RDP), malvertising, supply chain attacks, and compromised websites are the main sources of infection for Babuk ransomware.

Protection

Phishing awareness is key for not falling victim to Babuk. Here are some other measures you can adopt to protect your company network from this ransomware:

  • Regularly back up important data.
  • Update all software to make use of recent security patches.
  • Enable multi-factor authentication (MFA) for extra protection against unauthorized access.
  • Organize phishing awareness training for employees.
  • Implement network segmentation to prevent malware from spreading over the network.
  • Disable unnecessary Remote Desktop Protocol and other remote access ports to avoid vulnerabilities.
  • Limit user access to what’s strictly necessary.
  • Run regular security audits.
  • Have an incident response plan detailing how to isolate infected systems, inform stakeholders, and restore data from clean backups.

Removal

Follow these steps to get rid of Babuk, using antivirus software:

  • Disconnect the infected device from the internet.
  • Isolate the device on your network.
  • Boot into safe mode and run a full system scan.
  • Follow your software’s instructions to remove Babuk.
  • Restore files from a clean backup.
  • Consult a cybersecurity expert if you need help with file recovery or decryption.

Remember that paying the ransom is not recommended, because it doesn’t guarantee file recovery and encourages cybercrime.