"Researchers Identify Enterprise Attack Using New Ransomware"

A new ransomware variant dubbed Babuk Locker hit five different companies. The actors behind Babuk Locker target corporations by encrypting files across network-connected devices and asking for up to $85,000 in ransom payment. An investigation of the new attack revealed that Babuk Locker comes with a list of services to close before it begins its encryption process. The first service it closes is the Volume Shadow Copy Service (VSS), a technology included in Microsoft Windows to create backup copies of computer files or volumes when they are in use. Locking this service down makes it more difficult for victims to recover their data. Babuk Locker also blocks the Windows Restart Manager from closing services using files to circumvent obstacles in the opening and encryption of a victim's files. This article continues to discuss Babuk Locker's methods, other similar ransomware threats, and how organizations can defend against threats like Babuk Locker. 

Security Intelligence reports "Researchers Identify Enterprise Attack Using New Ransomware"

 

 

Submitted by Anonymous on