“Given that their code sucks to the point of causing even victims who pay to lose data, smarter cyber criminals will likely find other affiliate opportunities to be far more attractive,” Callow says.
The Babuk coding flaws were first publicly called out by Chuong Dong, a very bright computer science major at Georgia Tech, who has been jibing the Babuk ransomware gang on Twitter.
He tweets “I guess that my favorite ransomware group is in their end game now. Did not expect the #Babuk team to stop here, but I’m glad they do.”
I guess that my favorite ransomware group is in their end game now 🤠 Did not expect the #Babuk team to stop here, but I'm glad they do.
Also glad that they got my name right for once 🤣https://t.co/tjuxdVjVTF pic.twitter.com/XRXFKDyU6T
— Chuong Dong (@cPeterr) April 29, 2021
Dong also put out a report on last week’s DarkSide ransomware. DarkSide recently apologized for the Colonial Pipeline hack, which is causing the U.S. problems with rising gas prices and infrastructure security.
Check out my full report on #Darkside #Ransomware v1.8.6.2!
The malware uses custom RSA-1024 and Salsa20 for hybrid-cryptography and aPLib compression to hide its configuration.
H/t to @demonslay335 @ZawadiDone @VK_Intel @Chiam3GhouL and @JAMESWT_MHT!https://t.co/z1bBgBDS7M pic.twitter.com/XapPapM04s
— Chuong Dong (@cPeterr) May 7, 2021
Emsisoft also pointed out defects in Babuk’s encryption and decryption code. When the attack targets ESXi servers, those defects can lead to a total loss of data for the victim, even one who pays. That is why Callow says the group’s RaaS offering will likely be unpopular with other attackers.