After the Babuk ransomware operators announced that they were closing their affiliate program and moving to data-theft extortion, the group appears to have returned to its previous method of encrypting corporate systems.
At this time, the hackers are using a new version of their file-encrypting malware and have moved the operation to a new leak website that lists a handful of victims.
Babuk is a ransomware threat first discovered at the beginning of 2021 that has impacted several large organizations globally and follows the modus operandi known as the "big-game hunting" strategy.
As with other operations of this kind, the ransomware is deployed on the networks of enterprises that the criminals carefully target and compromise. Babuk hackers usually demand ransoms between $60,000 and $85,000 in bitcoin.
At the end of April, following the cyberattack against the Washington, DC police department, the Babuk Locker operators shut down their encryption operations and adopted an extortion model that did not include encryption.
The ransomware group broke into the Washington, D.C., Metropolitan Police Department, encrypted its files, and requested a $4 million ransom.
Babuk Ransomware Still Operational
The threat actor also announced that it intended to release its malware so that other hackers could start their own ransomware-as-a-service operations.
As we announced yesterday, the builder for the Babuk Locker ransomware, a tool used to create custom ransomware executables, was leaked online. Cybersecurity expert Kevin Beaumont discovered that someone had uploaded the code used to build copies of Babuk ransomware to the malware-scanning service VirusTotal.
In May, the Babuk Locker group rebranded its ransomware leak website as Payload.bin and began offering other gangs the opportunity to use it to leak data stolen from their victims.
In order to make more money, the Babuk ransomware group is now focusing on corporate networks.
We still don't know what made the gang slip back into its old practices, but it seems that the data-theft extortion business model wasn't a very good plan.