Morphisec Discovers Brand New Babuk Ransomware Variant in Major Attack

Share Article

Cybersecurity company Morphisec discovered a never-before-seen variant of Babuk ransomware in a major new attack.

"Threat actors have combined Babuk’s leaked source code with open-source evasive software and side loading techniques to create a variant previously unseen in the wild."

Morphisec discovered a brand-new variant of Babuk ransomware during a major attack at the end of November. The attack targeted a Morphisec customer in the manufacturing sector—a large company with more than 10,000 workstations and server devices.

Babuk was first discovered at the beginning of 2021, when it began targeting businesses to steal and encrypt data in double-extortion attacks. Later in the year, a threat actor leaked the complete source code for Babuk on a Russian-speaking hacking forum. Now threat actors have combined Babuk’s leaked source code with open-source evasive software and side loading techniques to create a variant previously unseen in the wild.

The attackers had network access for two weeks of full reconnaissance prior to launching their attack. They then compromised the company’s domain controller and used it to distribute ransomware to all devices within the organization.

The company used a next generation anti-virus (NGAV) solution and Morphisec Guard to defend their endpoints. The ransomware evaded the NGAV on the company’s endpoints, but Morphisec’s Moving Target Defense (MTD) technology stopped the attack, preventing any damage.

Morphisec tested the attack against market leading endpoint detection and response (EDR) tools which at the time of the attack did not detect or prevent it.

Morphisec CTO Michael Gorelik explained, “Our revolutionary Moving Target Defense technology creates an unpredictable memory environment at runtime, making it impossible for attackers to find their targets. MTD protects Windows endpoints, servers, and cloud workloads, and Linux servers and devices from undetectable attacks, closing a critical security gap in other cybersecurity solutions, which rely on detecting malicious files and behavioral patterns. MTD has no noticeable performance impact and lowers total cost of ownership. We pride ourselves on the effectiveness of our unique approach to cybersecurity.”

Morphisec augments cybersecurity solutions like NGAV, EPP, EDR, and XDR from vendors like Microsoft, CrowdStrike, SentinelOne, and more, supplying a true Defense-in-Depth approach to undetectable attacks. It deterministically blocks the most sophisticated and destructive breaches while slashing alert overload for security staff.

For technical details about this new strain of Babuk ransomware, read Morphisec’s blog: New Babuk Ransomware Found in Major Attack. For more information about Moving Target Defense or interviews with Michael Gorelik, please contact Morphisec senior content marketing and communications manager Mitchell Hall.

About Michael Gorelik
Morphisec CTO Michael Gorelik leads malware research and sets technology strategy in the company. He has vast experience as a red teamer, reverse engineer, and contributor to the MITRE CVE database. He has worked extensively with the FBI and Department of Homeland Security on countering global cybercrime. Michael is a noted speaker, presenting at industry conferences including Virus Bulletin, SANS, BSides, and RSA. Michael holds an MSc degree from the Computer Science department at Ben-Gurion University, focusing on synchronization in OS architectures. He jointly holds seven patents in the IT space.

About Morphisec
Founded in 2014, Morphisec has redefined the concept of prevention-first cybersecurity from endpoint to the cloud, stopping the most advanced and disruptive attacks in-memory that others don’t. We add a powerful, ultra-lightweight, Defense-in-Depth layer to augment solutions like NGAV, EPP, EDR, and XDR and close their in-memory security gap against the most sophisticated and destructive cyberattacks. Morphisec’s revolutionary Moving Target Defense technology proactively prevents supply chain attacks, ransomware, fileless attacks, zero-days, and other advanced attacks. Over 5,000 organizations trust Morphisec to protect 8.7 million Windows and Linux servers and endpoints. Every day Morphisec stops 10,000 stealthy and advanced attacks at companies such as Motorola, BlackRock, TruGreen, Covenant Health, PACCAR, Maersk, Citizens Medical Center, and many more.

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Mitchell Hall
Morphisec
1 617-826-1212
Email >