Babuk re-organizes as Payload Bin, offers its first leak

At the end of April, threat actors known as Babuk indicated that they were closing up shop and switching to a different model: Babuk changes direction, we no longer encrypt information on networks, we will get to you and take your data, we will notify you about it if you do not get in...

How to Negotiate with Ransomware Hackers

Rachel Monroe has an interesting profile of a ransom negotiator in The New Yorker. But the piece also provides an answer to a puzzling claim in a blog post by REvil that referred to fraudulent middlemen. When the negotiator hired by a victim entered the chat, they discovered that someone had already been negotiating...

Secret Chats Show How Cybergang Became a Ransomware Powerhouse

There’s an interesting piece by Andrew E. Kramer, Michael Schwirtz and Anton Troianovski in the New York Times: Secret Chats Show How Cybergang Became a Ransomware Powerhouse. The reporters obtained access to the internal dashboard that DarkSide customers used to organize and carry out ransom attacks and their piece provides some insights as to how DarkSide “support” dealt...

CA: Azusa Police reveal ransomware attack in March

On March 17, the DoppelPaymer threat actors added Azusa Police Department in California to the leak site where they list ransomware victims who have refused to pay their ransom demands. On April 22, the threat actors increased the pressure on the department — or attempted to — by dumping some files as proof that...

Au: BLK Sport reveals DarkSide attack

On May 26, BLK Sport disclosed that they had been attacked by DarkSide on April 21, 2021. Of note, the firm states that they have to assume that information may have been exfiltrated (because that’s how DarkSide normally operated), but they have been unable to actually determine the extent of any information theft. According to...

MA: Sturdy Hospital pays ransom after patient information is stolen

Updated June 1: External counsel for the hospital notified the Maine Attorney General’s Office that this incident resulted in notifications to 42,336 people and that those affected were offered two years of Experian credit and identity monitoring services. Updated June 3: It seems that on May 28, they notified HHS that they notified 57,379,...