Babuk Ransomware Gang Is Back In Business With New Malware

Soon after its apparent departure, the notorious Babuk ransomware is once again back in action. As discovered by researchers, the ransomware gang is back with a new domain and leak site listing a few victims.

Babuk Ransomware Is Back

Following the disruptive ransomware attack on the Washington DC Police in May 2021, the Babuk ransomware gang hinted toward its departure.

In their statement, they mentioned DC Police as their last goal that would lead them to open-source their ransomware source code for others while closing down the project.

However, soon after putting up their farewell message (and editing it once to delete the targets), the attackers deleted the message.

This caused doubts about the authenticity of their departure. And now, it turns out that the attackers are back.

Initially, the attackers renamed themselves as “Payload.bin” but demonstrated little activity. This was supposed to be a non-encrypting data extortion model. That is, the attackers would simply ask for the ransom for stolen data without encrypting it. (Perhaps, that might have been due to the faulty encryption functionality of their ransomware).

However, they now have adopted their older name again, as MalwareHunterTeam identified.

Recently, Babuk caused a stir as its old malware source code appeared online. Shortly after this leak, the ransomware emerged to have started a wave of cyberattacks with similar activities. However, the attackers demanded lesser ransom amounts, such as $210 (0.006 BTC), and renamed their malware “Babuck”.

According to Bleeping Computer, the gang has now brought up different malware to target corporate networks.

The new leak site also clearly mentions the sectors exempted from the attackers’ target list. These include hospitals (except dental and plastic surgery facilities, non-profit, schools (except major universities), and small businesses with revenue of less than $4 million.

It’s presently unclear if this comeback also accompanies the same attackers’ team or a different one.  BCA IT in Miami is an IT support service that handles cybersecurity, a solution for these type of incidents.

Let us know your thoughts in the comments.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients