BlackBerry Prevents: Babuk Ransomware
First seen in early 2021, Babuk ransomware has most recently made headlines for exploiting the ProxyShell vulnerability in Microsoft® Exchange servers to deploy its ransom payload. This is an attack method that has previously been used by ransomware groups such as Conti and LockFile.
The malware has primarily targeted Windows® devices, encrypting the victim’s files with AES-256. In April 2021, the Babuk group released a statement that they would be shifting their attack approach to include double extortion. In this technique, data is both encrypted locally and exfiltrated before a ransom demand is made, which has the potential to be far more damaging than the traditional ransomware method.
To see how BlackBerry prevents Babuk attacks from occurring, check out the following video, and watch BlackBerry go head-to-head with a live sample of Babuk malware.
DEMO VIDEO: BlackBerry vs. Babuk ransomware
Learn more about Babuk in our deep dive blog, Threat Thursday: Babuk Ransomware Shifts Attack Methods to Double Extortion.
Demo Video: How BlackBerry Stops Babuk
Let’s investigate this incident with two key BlackBerry® solutions: BlackBerry® Protect and BlackBerry® Optics. BlackBerry Protect is an endpoint protection product that uses our Cylance® AI machine learning model to stop threats before they can execute, providing users with pre-execution protection.
BlackBerry Protect also provides full details on the malicious file’s properties, with an exhaustive list of threat indicators identifying anomalies in the file as well as its collection and destruction capabilities.
BlackBerry Optics gives you full transparency into the attempted system compromise. With BlackBerry Optics, you can conduct automated root-cause analysis where you can clearly see the chain of activities conducted by the user that led to an attack attempt. Using BlackBerry Optics, you can identify the source domain for this attack and visualize all the related network interactions.
A third product, BlackBerry® Gateway, can sense and stop this type of malicious network activity by blocking the traffic based on IP reputation, effectively preventing the installation script from getting the malicious payload from the Internet. Using BlackBerry Gateway, the administrator of the affected system can easily analyze the event and obtain all the relevant data they need to see where the attack came from, and why BlackBerry products activated to stop the attack before it began.
Our Prevention-First Philosophy
At BlackBerry, we take a prevention-first and AI-driven approach to cybersecurity. Putting prevention first neutralizes malware before the exploitation stage of the kill chain.
By stopping malware at this stage, BlackBerry solutions help organizations increase their resilience. This also helps to reduce infrastructure complexity and streamline security management, ensuring your business, people and endpoints are secure.