Babuk Ransomware Gang Is Back in Action

 

Although they announced their retirement from the business, the Babuk ransomware operators seem to have reverted to old habits with a new attack on corporate networks. After the Babuk operators announced that their affiliate program had been closed and that they were moving to data-theft extortion, the group seems to have returned to its old method of encrypting corporate systems.

The hackers are currently using a fresh version of their file-encrypting malware and have relocated their operations to a new leak website that identifies a handful of victims.

The Babuk ransomware group gained recognition at the beginning of the year, although the gang claimed that its attacks began in mid-October 2020, targeting businesses worldwide and demanding ransoms of between $60,000 and $85,000 in Bitcoin. In certain instances, victims were required to pay hundreds of thousands to decrypt their data.

The Washington DC Metropolitan Police Department (MPD) is one of their most prominent victims. This attack probably led the threat actor to announce its withdrawal from the ransomware business, only to embrace another extortion model that did not involve encryption.

The group also declared plans to share its malware so that other cybercriminals could begin a ransomware-as-a-service operation. The threat actors kept their promise and published their builder, a tool that creates customized ransomware. Kevin Beaumont, a security researcher, discovered it on VirusTotal and shared the information with the infosec community for detection and decryption.

The gang took the name PayLoad Bin after its shutdown in April, although its leak site displays minimal activity. Meanwhile, a new leak site with Babuk Ransomware tags surfaced on the dark web. This site includes fewer than five victims who ref ..
