https://www.zdnet.com/article/mcafee-babuk-ransomware-decryptor-causes-encryption-beyond-repair/
"Babuk announced earlier this year that it would be targeting Linux/UNIX and 
ESXi or VMware systems with ransomware."
By Jonathan Greig | July 29, 2021 -- 10:30 GMT (03:30 PDT) | Topic: Security

"A new report from McAfee Advanced Threat Research spotlights the Babuk 
ransomware gang, which recently announced it would be developing a 
cross-platform binary aimed at Linux/UNIX and ESXi or VMware systems."

"McAfee's Thibault Seret and Northwave's Noël Keijzer wrote that many core 
backend systems in companies are running on these *nix operating systems, and 
Babuk wasted little time in infecting high-profile victims despite numerous 
problems with the binary. Researchers noted that some ransomware gangs 
experimented with writing their binaries in the cross-platform language Golang 
(Go).

"It seems that Babuk has adopted live beta testing on its victims when it comes 
to its Golang binary and decryptor development. We have seen several victims' 
machines encrypted beyond repair due to either a faulty binary or a faulty 
decryptor," Seret and Keijzer said."

"Even if a victim gave in to the demands and was forced to pay the ransom, they 
still could not get their files back. We strongly hope that the bad coding also 
affects Babuk's relationship with its affiliates. The affiliates perform the 
actual compromise and are now faced with a victim who cannot get their data 
back even if they pay. This essentially changes the crime dynamic from 
extortion to destruction, which is much less profitable from a criminal's point 
of view."
