New ransomware family Babuk adopts complex encryption algorithm

This year, the first modern ransomware family has been found. It is named Babuk Locker and is often referred to simply as Babuk. After being targeted by Babuk, many organisations are reportedly now dealing with a ransom note. The attackers appear to have tailored their attacks to each target, and powerful encryption algorithms are said to have been implemented.


Chuong Dong, who published information on his blog last weekend, was the first individual to discover this ransomware. According to the analysis, the new Babuk attackers are demanding a minimum of $60,000 and a maximum of $85,000 from victims. He also explains that Babuk follows the current trend of a ‘double extortion’ strategy, in which data is stolen in advance. In other words, if the victim does not cooperate with the negotiations or chooses not to pay, the attackers threaten to publish the information.

Babuk is said not to qualify as ‘advanced malware’. He explained that, compared with other current ransomware and its operators, there is little about Babuk or those who created and run it that can be called unique. When it comes to file encryption, however, he explained that it shows some differentiation.

“Babuk encrypts files in two major ways: when encrypting small files and when encrypting large files. Small files are those with a size of about 41MB or less. Babuk encrypts these files twice with an encryption algorithm called ChaCha8.” ChaCha8 refers to the SHA256 encryption technology implemented by the attackers.

The technique is a bit different for files larger than 41MB. First, the file is split into three parts, and in each part only about 10MB is encrypted. Chuong Dong explains that doing this saves time. In addition, the decryption key is secured via the ECDH key generation process and the files are encrypted.
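For incident triage, the size-dependent pattern described above can be checked by sampling entropy at the points where encrypted and untouched data should alternate. This is an added example, not code from Chuong Dong's or Tripwire's analysis; the function names, the 7.5 bits/byte threshold, the sample size and the placement of the encrypted region at the start of each third are assumptions.

```python
import math
import os
from collections import Counter

SMALL_LIMIT = 41 * 1024 * 1024  # "about 41MB" size threshold from the article
REGION = 10 * 1024 * 1024       # "about 10MB" encrypted in each of three parts

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 0.0 for empty input."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def triage(path, small_limit=SMALL_LIMIT, region=REGION,
           sample=65536, high=7.5):
    """Return 'partial', 'whole' or 'clean' from sampled entropy.

    'whole' only means uniformly high entropy, which compressed formats
    (zip, jpeg, ...) also show, so treat it as a lead, not a verdict.
    Files much smaller than 1 KB cannot reach the threshold at all.
    """
    size = os.path.getsize(path)
    with open(path, "rb") as f:
        def probe(offset):
            f.seek(offset)
            return entropy(f.read(sample))

        if size <= small_limit:
            # Small file: encrypted in full according to the article.
            probes = (probe(0), probe(size // 2))
            return "whole" if min(probes) >= high else "clean"

        part = size // 3
        # ASSUMPTION (not stated in the article): the encrypted region
        # sits at the start of each third of the file.
        inside = [probe(i * part) for i in range(3)]
        outside = [probe(i * part + region) for i in range(3)]

    if min(inside) < high:
        return "clean"
    return "partial" if min(outside) < high else "whole"
```

A 'partial' result on a file type that is not normally compressed is the stronger signal, because ordinary files rarely show high-entropy blocks at three evenly spaced offsets with low-entropy data in between.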

SHA256, for reference, is an encryption protocol technique developed by the US NSA. ECDH is a ‘key agreement’ protocol. ‘Key agreement’ means that both sides take part in establishing the key needed to decrypt the encrypted file, and ECDH is one of the schemes used to reach such an agreement.

Tripwire, the security firm that examined Babuk, explained in its blog that “Babuk is jagged.” This means that some pieces are well made, while others do not reach even the most basic level. The encryption is fairly good, but Tripwire explains that the multithreading is weak. “It seems like an amateur hacker worked at home during the holiday season,” Tripwire said.

That’s why Tripwire advises thinking again before paying. With ransomware created by amateurs whose encryption component is as convoluted as Babuk’s, the developers themselves are likely to struggle to decrypt the files. Chuong Dong suggested to “check several times before executing the 32-bit .exe file that has been delivered from somewhere.”