Babuk ransomware is back with a new variant.
After announcing its retirement from the ransomware business and rebranding its leak site as a platform for publishing leaks by other cybercriminals, the Babuk group apparently could not stay "retired" and has returned to its favourite pastime: encrypting corporate networks.
According to Bleeping Computer, the Babuk group returned with a new version of the ransomware and launched a new leak site, where several organizations are already listed as victims.
The cybercriminal group began its activities in mid-October 2020 but became known at the beginning of this year. In April, the cybercriminals stole and published data from employees of the Metropolitan District of Columbia Police Department (USA), after which they announced that they had achieved their goal and "retired." They did return after a while, but only to offer their leak site to other groups that do not have sites of their own.
When announcing their retirement, the hackers also promised to release the Babuk source code and thereby give other groups the opportunity to start their own ransomware business. They kept their word and published the Babuk builder, which was later discovered by security researcher Kevin Beaumont.
However, it seems that the cybercriminals have not abandoned old habits. A new leak site has appeared on the darknet, so far listing fewer than five victims who refused to pay the ransom. As it turned out, the hackers had released only the old version of the ransomware and continue to attack victims with the new one.
According to the group itself, the recent spike in attacks using the old version of Babuk, in which the ransomware demands only 0.006 bitcoin, is not its doing.
What made the hackers go back to work is unknown. Considering how empty their old leak site remained after it was offered to other hackers, it can be assumed that this venture turned out to be a failure. It is also unknown whether this is the same group that attacked the police department in Washington, or whether it split after the attack.