Babuk Ransomware, if you Hit and Run do not leave a trace (updated)
Updated: On January 5, DataBreaches.net was hit with a DDoS attack, which was pretty rude considering I was still on my first cup of coffee. It turns out that someone identifying themself as @dyadka0220 was upset that this site had linked to DarkFeed’s post. Whether they are the same @dyadka0220 as seen elsewhere is unknown to me.
I offered them the option of just writing a response to DarkFeed’s post, and they took me up on my offer. Here is their response:
Вместо того чтобы беспокоиться о людях, которые больше не работают, и желать, чтобы те же самые люди были наказаны за свои действия, беспокойтесь о себе. Беспокойтесь о своем руководстве…. беспокойтесь о своих семьях.))
Instead of worrying about people who no longer work and wanting those same people to be punished for their actions, worry about yourself. Worry about your leadership …. worry about your families.))
Darkfeed.io shared a recent discovery of theirs:
In April 2021, the Babuk ransomware gang decided to close the affiliate program and move to an extortion model that does not rely on encrypting victim computers (BleepingComputer).
Meanwhile, we found on the deep web an active onion server that is related to the Babuk Ransomware Group.
On the server, we saw a weird directory that we started to check. After the scan, we were able to see that the onion website is full of active chat sessions. In the active session, we can view all conversations between the Babuk ransomware group and the victims. The sessions basically get you inside the “Chat Conversation Page” with all the chat history. That gives us an inside look into the negotiation process.
Read more on Darkfeed.io