Babuk ransomware gang says it’s no longer interested in encrypting data, would rather kidnap it instead

In the early days of ransomware things were fairly simple: malware would infect your company’s infrastructure, encrypting your valuable data with a secret key that was only known to your attackers.


If you had shown the foresight of making secure backups in advance, you could get back up and running again. But if you had no backups, your only chance of getting your data back was to pay a ransom to the gang hell-bent on extorting a sometimes hefty cryptocurrency payment from you.


But in recent years there have been more and more ransomware attacks which have been combined with the exfiltration of data, prior to its encryption. If criminal hackers have a copy of your data, you don’t have the “get-out-of-jail-free” card of a secure backup to play, because your extortionists can also threaten to publish your data online regardless of whether you have successfully recovered your systems, potentially damaging your brand and relationships with customers and business partners.


In April, as reported by Bleeping Computer, the Babuk ransomware gang announced that it was stepping back from encrypting victims’ data.


Although normally such news would be welcomed, in this case the Babuk gang announced that they were not ceasing their criminal activities entirely, but were instead planning to concentrate on data-theft extortion.


In a post on its then-active website on the dark web, the Babuk group announced its plans in rather broken English:



I not so long ago wrote about the closure of babuk, yes, you all correctly understood babuk as a partensky program will be closed, but it will live in its new understanding, we are a promoted bra ..
