Babuk Ransomware Stops Working and Goes Open Source

Bleeping Computer reports that the Babuk ransomware operators have announced that they are shutting down and making their malware open source. A new message entitled “Hello World 2” has appeared on the group’s website, in which the criminals write that they have achieved their goals and decided to curtail their operations.

However, the hackers do not plan to publish decryption keys for free or return ransoms to victims, as other groups have done. Instead, Babuk will become an open-source RaaS.

Journalists note that the hackers’ message has changed several times. In one version, noticed by Recorded Future analysts, the criminals stated that “PD was our last target”, referring to their latest victim, the Central Police Department of the District of Columbia.

In another version of the message, law enforcement was not mentioned at all, and the group stated only vaguely that it intends to cease operations for the foreseeable future.

However, one part of the message remains unchanged across all versions:

“We’re going to do something like Open Source RaaS, where anyone can build their own product based on our product and end up with the rest of RaaS [on their own],” the operators of Babuk Ransomware write.

The reporters recall that researchers first spotted Babuk earlier this year. It attacked victims around the world and demanded ransoms of $60,000 to $85,000 in cryptocurrency. Each executable file of the malware was customized for a separate victim, and the malware had hard-coded extensions, a ransom note, and a Tor address for contacting the hackers.

Babuk’s operators initially stated that they would not target certain non-profit organizations, as well as organizations in the healthcare, education and small business sectors. However, the criminals soon announced that they had been “working” since the fall of 2020 and removed any exceptions from their website.

It is unclear exactly how many organizations eventually fell victim to Babuk. Currently, the ransomware website lists more than a dozen companies that have not paid the ransom.

Let me remind you that I also recently wrote that DopplePaymer Malware Operators Leaked Illinois Attorney’s Office Data.


About the author

Emma Davis

I'm a writer and content manager (a short time ago I completed a bachelor's degree in Marketing from the Gustavus Adolphus College). For now, I have a deep drive to study cyber security.
