Babuk Ransomware, if you Hit and Run do not leave a trace
Darkfeed.io shared a recent discovery of theirs:
In April 2021, the Babuk ransomware gang decided to close the affiliate program and move to an extortion model that does not rely on encrypting victim computers (BleepingComputer).
Meanwhile, we found on the deep web an active onion server that is related to the Babuk Ransomware Group.
On the server, we saw a weird directory that we started to check. After the scan, we were able to see that the onion website is full of active chat sessions. In the active sessions, we can view all conversations between the Babuk ransomware group and the victims. The sessions basically get you inside the “Chat Conversation Page” with all the chat history. That gives us an inside look into the negotiation process.
Read more on Darkfeed.io