
Babuk Ransomware Group Changes Course; Moves from Encryption to Extortion

The Russian-speaking Babuk ransomware group made a series of announcements claiming that it is shutting down its encryption operation and moving to an extortion-only model for demanding ransom.


The infamous Babuk ransomware group has announced that it is shutting down its operation. The group allegedly posted the shutdown message on its data leak site, which was later taken down. The Russian-speaking gang has been very active since the beginning of 2021 and has targeted organizations in sectors such as healthcare, government, manufacturing, and logistics. Recently, the Babuk ransomware operators infiltrated the D.C. Police Department’s networks and threatened to leak confidential information, including the names of suspected gang-member informants and data from crime briefings.

Series of “Hello World” Announcements

In their initial post titled Hello World 2, the Babuk ransomware gang claimed that they had achieved their goal and decided to stop their operations.

“We are happy to inform you that PD was our last goal, only now they determine whether the leak will be or not, in any case regardless of the outcome of events with PD, the Babuk project will be closed, its source codes will be made publicly available, we will do something like Open Source RaaS, everyone can make their product based on our product and finish with the rest of the RaaS,” Babuk’s message read.

However, the operators soon removed this message from their site and posted another, titled Hello World 3. In it they stated that they will switch to an extortion-only attack model: instead of encrypting networks, they will steal data and demand a ransom for the compromised information.

“Babuk changes direction, we no longer encrypt information on networks, we will get to you and take your data, we will notify you about it if you do not get in touch, we make an announcement,” the message added.

Short Time, Plenty of Victims!

Babuk ransomware hit plenty of victims within a short time frame. The operators behind the group leveraged double extortion techniques to pressure victims and demand high ransom payments ranging from $60,000 to $85,000. Babuk infected several organizations, including the Houston Rockets, Phone House Spain, the Metropolitan Police Department, and Telethon: biotech.

Given their success in such a short period, it is unlikely that the Babuk operators will close shop so easily. The shutdown of its encryption operation is only an attempt to mislead law enforcement and stage an even stronger comeback.