Soon after its apparent departure, the notorious Babuk ransomware is once again back in action. As discovered by researchers, the ransomware gang is back with a new domain and leak site listing a few victims.
Babuk Ransomware Is Back
Following the disruptive ransomware attack on the Washington DC Police in May 2021, the Babuk ransomware gang hinted toward its departure.
In their statement, they mentioned DC Police as their last goal that would lead them to open-source their ransomware source code for others while closing down the project.
However, soon after putting up their farewell message (and editing it once to delete the targets), the attackers deleted the message.
This caused doubts about the authenticity of their departure. And now, it turns out that the attackers are back.
Initially, the attackers renamed themselves as “Payload.bin” but demonstrated little activity. This was supposed to be a non-encrypting data extortion model. That is, the attackers would simply ask for the ransom for stolen data without encrypting it. (Perhaps, that might have been due to the faulty encryption functionality of their ransomware).
However, they now have adopted their older name again, as MalwareHunterTeam identified.
"The Babuk v.2.0 is proud to present a huge upcoming update."
They "worked hard for weeks" to make their old leak site "Payload.bin" only to start a new domain with their old site?
Also you know, they said they "no longer encrypt information on networks", so… pic.twitter.com/uSgGlj6Yi5
— MalwareHunterTeam (@malwrhunterteam) July 1, 2021
Recently, Babuk caused a stir as its old malware source code appeared online. Shortly after this leak, the ransomware emerged to have started a wave of cyberattacks with similar activities. However, the attackers demanded lesser ransom amounts, such as $210 (0.006 BTC), and renamed their malware “Babuck”.
According to Bleeping Computer, the gang has now brought up different malware to target corporate networks.
The new leak site also clearly mentions the sectors exempted from the attackers’ target list. These include hospitals (except dental and plastic surgery facilities, non-profit, schools (except major universities), and small businesses with revenue of less than $4 million.
Let us know your thoughts in the comments.