A Technical Look At The New 'Termite' Ransomware That Hit Blue Yonder
Dec. 9, 2024, 11:31 a.m.
Description
The Termite ransomware, a rebranded version of Babuk, recently targeted supply chain management platform Blue Yonder. This new strain employs advanced tactics, including double extortion, to maximize its impact. Upon execution, it terminates services, deletes shadow copies, empties the recycle bin, and encrypts files while avoiding certain system folders. The ransomware spreads through network shares and appends a '.termite' extension to encrypted files. It uses multiple MITRE ATT&CK techniques for execution, defense evasion, discovery, and impact. The emergence of Termite highlights the need for robust cybersecurity measures, proactive threat intelligence, and effective incident response strategies to counter evolving ransomware threats.
Date
- Created: Dec. 7, 2024, 12:25 p.m.
- Published: Dec. 7, 2024, 12:25 p.m.
- Modified: Dec. 9, 2024, 11:31 a.m.
Attack Patterns
- Vasa Locker
- Babyk
- Babuk - S0638
- Termite
- T1135
- T1490
- T1070.004
- T1204.002
- T1486
- T1082
- T1105
- T1083
- T1140
Additional Information
- Technology