BabyLockerKZ, a malware variant derived from the MedusaLocker ransomware, has Brazil as its main target. The discovery was made by cybersecurity researchers at Cisco Talos.

BabyLockerKZ focuses on financial transactions and has shifted its operations: it left Europe last year and focused on Latin America in 2024, according to a report published by the company. Brazil is in its sights.

  • Terms like “malware” and “ransomware” are explained at the end of this article

Companies and institutions are the most affected by the malware. According to Cisco Talos, attacks with the variant held steady at approximately 200 compromised IP addresses per month through the first quarter of 2024, with more than 100 victims per month since 2022.

“A feature of this variant is that it is compiled with a PDB path (file extension) containing the word ‘paid_memes’.” Researchers comment that BabyLockerKZ has significant differences compared to the classic version of MedusaLocker.
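A defender can triage a suspicious Windows binary for the PDB-path trait described above. The following is an added example, not code from Cisco Talos or from this article: it scans raw file bytes for CodeView `RSDS` debug records and reports any PDB path containing `paid_memes`. The function names and both sample paths are constructed for illustration, and the scan assumes a byte search rather than a full parse of the PE debug directory.

```python
import struct

RSDS_MAGIC = b"RSDS"      # signature of a CodeView PDB 7.0 debug record
INDICATOR = "paid_memes"  # word the article reports in the PDB path

def extract_pdb_paths(data: bytes) -> list[str]:
    """Return the PDB path from every RSDS record found in raw file bytes."""
    paths = []
    pos = data.find(RSDS_MAGIC)
    while pos != -1:
        start = pos + 4 + 16 + 4          # skip magic, GUID and age fields
        end = data.find(b"\x00", start)   # path is NUL-terminated
        if end != -1 and 0 < end - start <= 1024:
            path = data[start:end].decode("utf-8", errors="replace")
            if path.isprintable():        # reject chance hits on "RSDS"
                paths.append(path)
        pos = data.find(RSDS_MAGIC, pos + 1)
    return paths

def find_indicator(data: bytes) -> list[str]:
    """Return the PDB paths that contain the indicator, case-insensitively."""
    return [p for p in extract_pdb_paths(data) if INDICATOR in p.lower()]

def build_sample(pdb_path: str) -> bytes:
    """Constructed test input: filler bytes around one RSDS record."""
    record = RSDS_MAGIC + bytes(16) + struct.pack("<I", 1)
    record += pdb_path.encode("utf-8") + b"\x00"
    return b"MZ" + bytes(64) + record + bytes(32)

# Constructed paths for illustration; neither is the path from the report.
SUSPECT = r"C:\Users\builder\paid_memes\locker\Release\sample.pdb"
BENIGN = r"D:\build\app\Release\app.pdb"

if __name__ == "__main__":
    for name, path in (("suspect", SUSPECT), ("benign", BENIGN)):
        hits = find_indicator(build_sample(path))
        print(name, "->", hits if hits else "no match")
```

A PDB path is set at build time and is trivial for an operator to change or strip, so a hit is a triage signal to combine with other evidence, and a miss proves nothing.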

The main features of the variant include changes to automatic execution and the use of additional keys stored in the registry. “This factor especially strengthens the professionalism and precision of cybercriminals in their attacks,” experts say.

BabyLockerKZ’s modus operandi relies on publicly available attack tools and living-off-the-land binaries (LoLBins), a toolset used to aid credential theft and lateral movement within compromised organizations.

Another tool found in the variant is the “checker”, a program that facilitates the discovery of vulnerabilities in the infected system to accelerate the spread of the virus.

In short, BabyLockerKZ has the ability to steal credentials, seize files, and perform financial transactions on computers. Cisco’s full report provides more technical information about the malware.

Malware and ransomware

What is malware: We call malware any program that is created to infiltrate your computer or mobile device without your knowledge, aiming to cause problems and open the door to fraud and attacks. There are different types of software that fall into this category, such as spyware, Trojans, and ransomware.

What is ransomware: Ransomware is like the pirate of the digital world. The virus enters your computer or smartphone, encrypts (hijacks) all files and demands a payment for their release.

Apart from the obvious issue of financial loss, ransomware operators also engage in blackmail by leaking sensitive data captured by the virus.

Source: Tec Mundo
