BabyDuck Ransomware Threatens to Leak Stolen Files


During our analysis of newly discovered file samples, we came across a ransomware program known as BabyDuck. This particular malware is based on the Babuk ransomware.

When we tested the BabyDuck sample on our system, it encrypted files and appended the ".babyduck" extension to their filenames. For instance, a file named "1.jpg" would be transformed into "1.jpg.babyduck", and "2.png" would become "2.png.babyduck", and so on. Additionally, BabyDuck dropped a ransom note named "ATTENTION!!!.txt" onto the desktop.
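The two host artifacts described above (the ".babyduck" suffix and the "ATTENTION!!!.txt" note) are enough for a read-only triage sweep of an affected machine. The following is an added example, not code from the original analysis; the function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter

ENCRYPTED_SUFFIX = ".babyduck"         # extension reported in the article
RANSOM_NOTE_NAME = "ATTENTION!!!.txt"  # note file name reported in the article


def triage(root):
    """Read-only sweep of `root` for the BabyDuck artifacts named above."""
    encrypted, notes, surviving = [], [], []
    for dirpath, _dirs, files in os.walk(root):
        names = set(files)
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower().endswith(ENCRYPTED_SUFFIX):
                encrypted.append(path)
                # "1.jpg.babyduck" -> "1.jpg"; an intact sibling copy,
                # if one exists, is worth preserving first.
                original = name[: -len(ENCRYPTED_SUFFIX)]
                if original in names:
                    surviving.append(os.path.join(dirpath, original))
            elif name.lower() == RANSOM_NOTE_NAME.lower():
                notes.append(path)
    # Count affected files by their original extension to scope restores.
    by_type = Counter(
        os.path.splitext(p[: -len(ENCRYPTED_SUFFIX)])[1].lower() or "(none)"
        for p in encrypted
    )
    return {
        "encrypted": sorted(encrypted),
        "notes": sorted(notes),
        "surviving_originals": sorted(surviving),
        "by_type": dict(by_type),
    }


def build_sample_tree(root):
    """Constructed sample data: empty files that only mimic the naming."""
    for rel in ("Desktop/ATTENTION!!!.txt", "Documents/1.jpg.babyduck",
                "Documents/2.png.babyduck", "Documents/notes.txt",
                "Pictures/3.jpg.babyduck", "Pictures/3.jpg"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for key, value in triage(tmp).items():
            print(key, value)
```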

The ransom note delivered by BabyDuck informs the victim that their files have been encrypted and can only be decrypted by paying a ransom of 1000 XMR (the Monero cryptocurrency). At the time of writing, this amount is equivalent to over 140 thousand USD. However, the note suggests that the ransom may be negotiable.

The note also warns that if the victim fails to contact or pay the cybercriminals within 72 hours, or goes against their demands, the encrypted data will be leaked to the public.

BabyDuck Ransom Note Threatens Data Leaks

The full text of the BabyDuck ransom note goes as follows:

Ducky has got your files encrypted!

This happened because you were not paying attention to your security.

Ducky will give you your files back if you pay him a bit of crypto.

1000 XMR to address

(two alphanumeric strings)

DUCKY WILL MAKE YOUR DATA PUBLIC IF U DON'T BEHAVE!!!

Use TOR browser (hxxps://www.torproject.org/download/) and follow this link, to get the proof of your data is really f*cked up

(onion address)

If you want beg for mercy or negotiate the price, download TOX chat client, and find Ducky there

(alphanumeric string)

AGAIN, READ UP HERE!!! YOU’VE GOT 72 HOURS

1000 XMR to address

(alphanumeric string)

Don't worry, if you behave and pay - you'll get your files back;)

Or you’re gonna be f*cked up. Quack-quack…

YOUR KEY IS
(alphanumeric string)

How Can You Protect Your Data from Ransomware Like BabyDuck?

Protecting your data from ransomware like BabyDuck requires a proactive approach and implementing several preventive measures. Here are some important steps you can take to safeguard your data:

  • Back up your data: Regularly back up your important files to an offline or cloud storage solution. Ensure that your backups are not directly accessible from your computer or network to prevent them from being affected by ransomware. Test your backups periodically to ensure their integrity and ability to restore data.
  • Keep your software up to date: Install security updates, patches, and bug fixes for your operating system, software applications, and plugins. Regularly check for updates and enable automatic updates whenever possible. Outdated software can have vulnerabilities that ransomware can exploit.
  • Use robust security software: Install and maintain reliable antivirus and anti-malware software on all your devices. Keep the software updated and perform regular system scans to detect and remove any malicious programs, including ransomware.
  • Exercise caution with email attachments and links: Be vigilant when opening email attachments or clicking on links, especially if they come from unknown or suspicious sources. Verify the sender's identity and scan attachments with security software before opening them. Avoid visiting untrusted websites or clicking on suspicious ads.
  • Enable firewall protection: Activate and configure a firewall on your devices and network to monitor incoming and outgoing network traffic. A firewall can help block unauthorized access and potentially malicious connections.
  • Practice safe browsing habits: Be cautious when visiting websites, especially those of questionable reputation or that offer pirated content. Stick to reputable sources for software downloads and updates. Avoid clicking on pop-ups or downloading files from unverified sources.

Remember, prevention is key, but in case of a ransomware incident, it's important to avoid paying the ransom. Report the incident to law enforcement and consult with a cybersecurity professional to explore possible options for data recovery.

June 21, 2023