Bleeping Computer reports that the operators of the Babuk ransomware have announced that they are ceasing operations and that their malware will become open source. A new message entitled “Hello World 2” has appeared on the group’s website, in which the criminals write that they have achieved their goals and decided to curtail their operations.
However, the hackers do not plan to publish decryption keys for free or return ransoms to victims, as other groups have done. Instead, Babuk will become an open source RaaS.
Journalists note that the hackers’ message has changed several times. In one version, noticed by analysts at Recorded Future, the criminals stated that hacking “PD was our last target”, referring to their latest victim, the Central Police Department of the District of Columbia.
In another version of the message, law enforcement was not mentioned at all, and it was only vaguely stated that the group intends to cease operations for the foreseeable future.
In this case, one part of the message always remains unchanged:
Reporters recall that Babuk was spotted by researchers earlier this year. It attacked victims around the world and demanded ransoms of $60,000 to $85,000 in cryptocurrency. Each executable file of the malware was customized for a separate victim, and the malware had hard-coded extensions, a ransom note, and a Tor address for contacting the hackers.
Babuk’s operators initially stated that they would not target certain non-profit organizations, as well as organizations in the healthcare, education and small business sectors. However, the criminals soon announced that they had been “working” since the fall of 2020 and removed any exceptions from their website.
It is unclear exactly how many organizations eventually fell victim to Babuk. Currently, the ransomware website lists more than a dozen companies that have not paid the ransom.
Let me remind you that I also recently wrote that DopplePaymer Malware Operators Leaked Illinois Attorney’s Office Data.