The company explained that AstraLocker is ransomware based on the leaked Babuk source code; it encrypts files using a modified HC-128 encryption algorithm together with Curve25519, and appends the extension ".Astra" or ".babyk" to files.
On the Yashma front, Emsisoft said this ransomware is distributed under the name "AstraLocker 2.0" and is based on the Chaos ransomware builder, using a combination of AES-128 and RSA-2048 to encrypt files. The researchers said it appends either the extension ".AstraLocker" or a random four-character alphanumeric extension to files.
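The file extensions described above are the most practical first indicator a responder has when deciding whether a share or endpoint was hit by one of these two families. The following triage script is an added example, not Emsisoft's code or any decryptor: it classifies file names using the extensions the write-up names (".Astra", ".babyk", ".AstraLocker") and a heuristic for Yashma's random four-character alphanumeric extension. The list of benign four-character extensions and the 30% threshold for the random-extension heuristic are assumptions chosen for this example, and the sample file names are constructed.

```python
import os
import re
from collections import Counter
from pathlib import Path

# Extensions the write-up attributes to AstraLocker (Babuk-based) and to
# Yashma, distributed as "AstraLocker 2.0" (Chaos-based). Compared lower-case.
KNOWN_EXTENSIONS = {".astra", ".babyk", ".astralocker"}

# Yashma may instead append a random four-character alphanumeric extension.
RANDOM_EXT = re.compile(r"^\.[a-z0-9]{4}$")

# Assumed allow-list: legitimate four-character extensions that would otherwise
# trip the random-extension heuristic. Extend it for your own environment.
BENIGN_4CHAR = {
    ".docx", ".xlsx", ".pptx", ".json", ".yaml", ".html", ".jpeg", ".webp",
    ".toml", ".tiff", ".flac", ".webm", ".java", ".yml2", ".conf", ".dump",
}


def classify(name: str) -> str:
    """Return 'known', 'suspect' or 'benign' for a single file name."""
    ext = Path(name).suffix.lower()
    if ext in KNOWN_EXTENSIONS:
        return "known"          # extension explicitly tied to these families
    if ext in BENIGN_4CHAR or not RANDOM_EXT.match(ext):
        return "benign"         # normal extension, or not four alphanumerics
    return "suspect"            # unknown four-char extension: possible Yashma


def triage(names, suspect_threshold: float = 0.3) -> dict:
    """Summarise a list of file names and decide whether the set looks affected.

    A single 'known' extension is enough to flag the set. Random extensions
    are only conclusive in bulk, so 'suspect' files count when they make up at
    least `suspect_threshold` of all files (assumed threshold).
    """
    labels = {n: classify(n) for n in names}
    counts = Counter(labels.values())
    total = len(names)
    suspect_ratio = counts["suspect"] / total if total else 0.0
    return {
        "total": total,
        "known": counts["known"],
        "suspect": counts["suspect"],
        "benign": counts["benign"],
        "flagged": sorted(n for n, lab in labels.items() if lab != "benign"),
        "likely_affected": counts["known"] > 0 or suspect_ratio >= suspect_threshold,
    }


def scan_directory(root: str, **kwargs) -> dict:
    """Walk a directory tree and run triage() over every file name found."""
    names = []
    for dirpath, _dirs, files in os.walk(root):
        names.extend(os.path.join(dirpath, f) for f in files)
    return triage(names, **kwargs)


# Constructed sample: three files with the documented extensions, one with a
# random-looking four-character extension, and four ordinary files.
SAMPLE_FILES = [
    "budget.xlsx.Astra",
    "notes.txt.babyk",
    "photo.jpg.AstraLocker",
    "db.sqlite.q7Zp",
    "report.docx",
    "index.html",
    "README",
    "config.yaml",
]

if __name__ == "__main__":
    result = triage(SAMPLE_FILES)
    print(f"{result['known']} known, {result['suspect']} suspect, "
          f"{result['benign']} benign of {result['total']} files")
    print("likely affected:", result["likely_affected"])
    for name in result["flagged"]:
        print("  ", name)
```

Run it against a real tree with `scan_directory("/mnt/share")`; a hit on `known` extensions is a strong signal, while `suspect` on its own only becomes meaningful when a large share of files carry unfamiliar four-character extensions, which is why the threshold exists.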
Ransomware has become lucrative, and as more ransomware groups come to market, access brokering will grow in demand, said Davis McCarthy, principal security researcher at Valtix.
“As access brokering grows, the need for reliable and innovative delivery methods will grow, as well,” McCarthy said. “Latent malware infections may become ticking time-bombs, with remote access just waiting to be sold to the highest bidder. Proactive security processes, like threat hunting, aid in detecting emerging threats that lead to ransomware.”
Charles Medina, a security engineer at Token, said back-to-back years of cybersecurity talent shortages have left and continue to leave organizations vulnerable until there’s a global fundamental change in how we practice cybersecurity.
“Companies, open source groups and ‘hobby’ security professionals providing free and open training to the public and enterprise entities are extremely important and vital to good offensive/defensive security approaches,” Medina said.