Static and Dynamic Analysis of Ransomware: Insight from Babuk and Lockbit 3.0

Abstract

Ransomware remains a significant cybersecurity threat, targeting both private and public sectors with increasing sophistication. This study analyzes Babuk and Lockbit 3.0 ransomware through static and dynamic methods to uncover their technical characteristics and runtime behaviors. Static analysis reveals differences in structural complexity, with Babuk employing a simpler architecture while Lockbit 3.0 incorporates advanced features such as additional sections and dynamic functionality. Dynamic analysis highlights distinct operational strategies, including encryption patterns and registry modifications for persistence and obfuscation. These findings provide critical insights into ransomware behavior, serving as a foundation for developing AI and ML-based detection systems to identify and mitigate evolving threats effectively.