Leading Multinational Technology Manufacturer Stops Babuk Ransomware with Darktrace AI
Darktrace, a global leader in cyber security AI, today announced that a leading multinational technology manufacturer successfully interrupted Babuk ransomware with Darktrace’s Autonomous Response technology, Antigena.
Headquartered in Asia, the company designs and manufactures technology solutions that facilitate the adoption of smart medical devices as well as electric and autonomous vehicles and is a key industry player.
The organization was using Darktrace’s detect, respond and investigate capabilities. The Self-Learning AI forms a constantly evolving understanding of both IT and operational technologies at the company, allowing it to identify the subtle, emerging signs of cyber-threats in real time.
In the early hours of the morning, Darktrace AI detected that a device within the business was behaving abnormally: it was performing network scanning and making unusual connections to other internal devices. The AI flagged this behavior not merely as out of the ordinary but as malicious.
The algorithms then calculated the best action to take to autonomously contain the in-progress attack and blocked the infected device from making further connections while allowing normal business operations to continue – both in the office and on the manufacturing floor. These algorithms work by enforcing the normal ‘patterns of life’ for compromised users and devices. This proportionate and highly targeted response is possible because of the AI’s continually evolving understanding of what ‘normal’ looks like at a granular level for each part of the company’s digital ecosystem.
In post-compromise analysis conducted by the AI, it was found that the device had been attempting to distribute files carrying the ‘babyk’ extension.
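The two signals the release describes (a device suddenly reaching internal hosts and ports outside its learned ‘pattern of life’, and files appearing with the ‘babyk’ extension) and the proportionate response (blocking only the contained device’s abnormal connections) can be illustrated with a small detector over constructed log lines. This is an added example written for this page, not Darktrace or Antigena code; the log format, IP addresses, window size and threshold are all invented for the illustration.

```python
"""Toy pattern-of-life detector: flags a device that starts contacting many
internal peers it never talked to before, flags '.babyk' file writes, and
models a containment decision that blocks only the contained device's
abnormal connections. Added example; log format and values are constructed."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed line shapes (not a real product format):
#   <ISO timestamp> CONN <src_ip> <dst_ip> <dst_port>
#   <ISO timestamp> FILE <host_ip> <path>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<kind>CONN|FILE) (?P<host>\S+) (?P<a>\S+)(?: (?P<b>\S+))?$"
)
BABUK_EXT = ".babyk"  # extension named in the release

# Known-good period used to learn each device's normal internal peers.
BASELINE_LOG = """\
2021-11-01T09:00:00 CONN 10.0.5.17 10.0.5.20 445
2021-11-01T09:05:00 CONN 10.0.5.17 10.0.5.30 80
2021-11-01T09:07:00 CONN 10.0.5.40 10.0.5.20 445
"""

# Out-of-hours activity: 10.0.5.17 sweeps five new hosts on 445 within seconds
# and then writes a '.babyk' file; 10.0.5.40 makes two new connections minutes apart.
ATTACK_LOG = """\
2021-11-02T03:10:01 CONN 10.0.5.17 10.0.5.20 445
2021-11-02T03:10:02 CONN 10.0.5.17 10.0.5.21 445
2021-11-02T03:10:03 CONN 10.0.5.17 10.0.5.22 445
2021-11-02T03:10:04 CONN 10.0.5.17 10.0.5.23 445
2021-11-02T03:10:05 CONN 10.0.5.17 10.0.5.24 445
2021-11-02T03:10:06 CONN 10.0.5.17 10.0.5.25 445
2021-11-02T03:11:00 CONN 10.0.5.40 10.0.5.31 443
2021-11-02T03:12:30 FILE 10.0.5.17 /share/finance/q3.xlsx.babyk
2021-11-02T03:12:31 FILE 10.0.5.40 /share/hr/policy.docx
2021-11-02T03:15:00 CONN 10.0.5.40 10.0.5.32 443
"""


def parse_line(line):
    """Turn one log line into an event dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.fromisoformat(m["ts"])
    if m["kind"] == "CONN":
        return {"ts": ts, "kind": "CONN", "host": m["host"],
                "dst": m["a"], "port": int(m["b"])}
    return {"ts": ts, "kind": "FILE", "host": m["host"], "path": m["a"]}


def parse_log(text):
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def build_baseline(events):
    """Per device, the set of (dst, port) peers seen during the good period."""
    baseline = defaultdict(set)
    for e in events:
        if e["kind"] == "CONN":
            baseline[e["host"]].add((e["dst"], e["port"]))
    return baseline


def detect_scanning(events, baseline, window=timedelta(seconds=60), threshold=5):
    """Alert once per device that reaches `threshold` distinct peers absent
    from its baseline inside a sliding `window` (scan / lateral-movement shape)."""
    recent = defaultdict(list)  # host -> [(ts, peer)] within the window
    alerts, alerted = [], set()
    for e in sorted(events, key=lambda x: x["ts"]):
        if e["kind"] != "CONN":
            continue
        peer = (e["dst"], e["port"])
        if peer in baseline.get(e["host"], set()):
            continue  # normal pattern of life, not counted
        bucket = recent[e["host"]]
        bucket.append((e["ts"], peer))
        cutoff = e["ts"] - window
        while bucket and bucket[0][0] < cutoff:
            bucket.pop(0)
        novel = {p for _, p in bucket}
        if len(novel) >= threshold and e["host"] not in alerted:
            alerted.add(e["host"])
            alerts.append({"host": e["host"], "ts": e["ts"], "novel_peers": len(novel)})
    return alerts


def detect_babuk_files(events):
    """File events whose path ends with the '.babyk' extension."""
    return [e for e in events
            if e["kind"] == "FILE" and e["path"].lower().endswith(BABUK_EXT)]


def enforce_pattern_of_life(host, dst, port, baseline, contained):
    """Response decision modelled on the release: a contained device keeps its
    learned connections, anything outside its baseline is blocked; devices
    that are not contained are untouched so normal business traffic continues."""
    if host not in contained:
        return "allow"
    return "allow" if (dst, port) in baseline.get(host, set()) else "block"


def run_detection(baseline_log, activity_log):
    baseline = build_baseline(parse_log(baseline_log))
    events = parse_log(activity_log)
    scan_alerts = detect_scanning(events, baseline)
    babuk_files = detect_babuk_files(events)
    contained = {a["host"] for a in scan_alerts} | {e["host"] for e in babuk_files}
    return {"scan_alerts": scan_alerts, "babuk_files": babuk_files,
            "contained": contained}


if __name__ == "__main__":
    print(run_detection(BASELINE_LOG, ATTACK_LOG))
```

Running the block flags 10.0.5.17 alone: five never-before-seen peers in a few seconds plus a ‘.babyk’ write put it in the contained set, while 10.0.5.40’s two slow, novel connections stay below threshold. The containment check then lets 10.0.5.17 keep talking to its baseline peer 10.0.5.20:445 but blocks a new destination, which is the proportionate behaviour the release attributes to Antigena.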
Babuk, a double-extortion ransomware threat discovered in 2021, is a sophisticated campaign that has actively targeted high-value organizations around the world. Operators have inflicted damage not only by encrypting files and crippling systems, but also by threatening to leak sensitive data if the ransom is not paid.
The attempted attack follows warnings from government agencies about a global rise in cyber-threats, particularly those targeting critical infrastructure and organizations embedded in global supply chains. Ransomware attacks such as this one are effective ways for nation states to carry out espionage, disrupt society and flex their muscles on a global stage.
“Babuk ransomware began its life as a Ransomware-as-a-Service (RaaS) tool, but since its source code was leaked in July, it has been adopted by a number of cyber-criminal groups to be used in different ways,” commented Toby Lewis, Head of Threat Analysis, Darktrace. “These attacks often strike out of hours and so it has never been more critical that defenders of critical infrastructure are using artificial intelligence to allow their organizations to self-defend against advanced threats.”