Babuk Locker ransomware uses its own implementations of SHA256 hashing, ChaCha8 encryption, and the Elliptic-curve Diffie–Hellman (ECDH) key generation and exchange algorithm to encrypt victim files and protect the encryption keys. It is a straightforward ransomware with no obfuscation; it uses multi-threaded encryption and exploits the Windows Restart Manager, similar to Conti ransomware and REvil. .__NIST_K571__ is added to encrypted files.
It asks the user to contact the attackers at their Tor site for ransom demands and to get the files back. The attackers usually demand from $60,000 to $85,000 in Bitcoin.
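A detection sketch built on the two observable traits described above, the .__NIST_K571__ marker and the fast, multi-threaded encryption. This is an added example, not code from the original write-up or from any vendor tool. It assumes the marker shows up as a file-name suffix and that file-creation or rename events arrive as "timestamp host path" lines; that log format, the hostnames, paths, threshold and window are all constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

MARKER = ".__NIST_K571__"  # string the page says is added to encrypted files

# Constructed sample events in a hypothetical "timestamp host path" format.
SAMPLE_EVENTS = [
    r"2021-01-05T10:00:00 ws-01 C:\Users\a\report.docx",
    r"2021-01-05T10:00:01 ws-02 C:\Users\b\q1.xlsx.__NIST_K571__",
    r"2021-01-05T10:00:01 ws-02 C:\Users\b\q2.xlsx.__NIST_K571__",
    r"2021-01-05T10:00:02 ws-02 C:\Users\b\My Docs\plan.pdf.__NIST_K571__",
    r"2021-01-05T10:00:03 ws-02 C:\Users\b\notes.txt.__NIST_K571__",
    r"2021-01-05T10:00:04 ws-02 C:\Users\b\photo.jpg.__nist_k571__",
    r"2021-01-05T10:05:00 ws-01 C:\Samples\one.bin.__NIST_K571__",
    r"2021-01-05T11:30:00 ws-01 C:\Samples\two.bin.__NIST_K571__",
    "garbage line",
]

def parse_event(line):
    """Split one event line into (timestamp, host, path); None if malformed."""
    parts = line.strip().split(" ", 2)  # path may itself contain spaces
    if len(parts) != 3:
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    return ts, parts[1], parts[2]

def detect_bursts(lines, threshold=5, window=timedelta(seconds=10)):
    """Return {host: time of first alert} for hosts where at least
    `threshold` marker-suffixed files appear within `window`."""
    recent = defaultdict(deque)  # host -> timestamps of recent marker events
    alerts = {}
    for line in lines:
        event = parse_event(line)
        if event is None:
            continue
        ts, host, path = event
        # Windows file names are case-insensitive, so compare lowercased.
        if not path.lower().endswith(MARKER.lower()):
            continue
        q = recent[host]
        q.append(ts)
        while q and ts - q[0] > window:  # drop events older than the window
            q.popleft()
        if len(q) >= threshold and host not in alerts:
            alerts[host] = ts
    return alerts
```

Two isolated marker files on ws-01 (for example, samples kept by an analyst) do not trigger an alert, while the burst on ws-02 does.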