Albabat Ransomware Evolves to Target Multiple OS
- Reported on March 21, the Albabat ransomware has evolved, with versions 2.0.0 and 2.5 expanding its targets beyond Windows to include Linux and macOS. The ransomware retrieves configuration data via the GitHub REST API, using a repository linked to a pseudonymous account. It selectively encrypts specific file types while avoiding certain system folders and actively terminates security and productivity-related processes.
- The malware gathers system and user data, storing it in a PostgreSQL database to track infections and ransom payments. Additionally, a private GitHub repository suggests ongoing development of version 2.5, incorporating cryptocurrency wallets for Bitcoin, Ethereum, Solana, and BNB.
- Security recommendations emphasize proactive monitoring, network segmentation, patching, backups, and user training to mitigate risks.
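
As a monitoring aid for the behaviours summarized above, the following added example (not code from the report or from any vendor) correlates three of them per host: GitHub REST API access from a machine where it is not expected, termination of a watched security process, and outbound PostgreSQL traffic to a non-internal address. The event schema, host names, process name, and address ranges are assumptions, and the sample events are constructed.

```python
import ipaddress
from collections import defaultdict

DEV_HOSTS = {"build-01"}               # assumption: GitHub API use is expected here
WATCHED_PROCS = {"example-edr-agent"}  # hypothetical security process name
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumption: internal range
PG_PORT = 5432                         # PostgreSQL default port

# Constructed telemetry, not real logs. Field names are assumptions.
EVENTS = [
    {"host": "ws-014", "type": "net", "dest_host": "api.github.com",
     "dest_ip": "198.51.100.7", "dest_port": 443},
    {"host": "ws-014", "type": "proc_terminate", "target": "example-edr-agent"},
    {"host": "ws-014", "type": "net", "dest_host": "",
     "dest_ip": "203.0.113.10", "dest_port": 5432},
    {"host": "build-01", "type": "net", "dest_host": "api.github.com",
     "dest_ip": "198.51.100.7", "dest_port": 443},
    {"host": "build-01", "type": "net", "dest_host": "",
     "dest_ip": "10.0.5.20", "dest_port": 5432},
    {"host": "ws-022", "type": "net", "dest_host": "api.github.com",
     "dest_ip": "198.51.100.7", "dest_port": 443},
]

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def signal(event):
    """Return the behaviour name an event matches, or None."""
    if event["type"] == "proc_terminate":
        return "proc_kill" if event["target"] in WATCHED_PROCS else None
    if event["type"] == "net":
        if event["dest_host"] == "api.github.com" and event["host"] not in DEV_HOSTS:
            return "github_api"
        if event["dest_port"] == PG_PORT and not is_internal(event["dest_ip"]):
            return "pg_egress"
    return None

def triage(events, threshold=2):
    """Hosts showing at least `threshold` distinct behaviours, with the list."""
    seen = defaultdict(set)
    for ev in events:
        name = signal(ev)
        if name:
            seen[ev["host"]].add(name)
    return {h: sorted(s) for h, s in seen.items() if len(s) >= threshold}

if __name__ == "__main__":
    for host, sigs in triage(EVENTS).items():
        print(host, sigs)
```

A single signal, such as a workstation calling the GitHub API, is common and benign on its own; the threshold exists so that only the combination is escalated.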