FOLLOW US

The Russia-based Babuk ransomware gang says it will not launch any more hack attacks. But they will be making their malicious malware source code available for the use of future attackers.

The gang issued a statement on their darknet website: "The babuk project will be closed, its source code will be made publicly available, we will do something like Open Source RaaS, everyone can make their own product based on our product."

Babuk is a new player. They were first implicated in the December 2020 ransomware attack of the Houston Rockets basketball team.

Last week the DarkSide ransomware gang apologized for attacking the Columbia Pipeline in the U.S. The Maze, Ziggy, and Fonix ransomware attack teams all claim they are abandoning their hacking activities. But these groups also made their ransomware's decryptor keys available. So their victims can regain access to the stolen/encrypted data.

On the other hand, Babuk is still trying to collect a ransom.

Babar ransomware gang leaking D.C. police information

Babuk took credit for last month’s hacking into the Washington D.C. police department's internal computer network. They threatened to leak details of confidential informants if they didn’t receive an unspecified ransom. And they initially gave the police only three days to pay up.

Several times, the gang has leaked portions of the stolen data. But it appears the ransom still has not been paid.

The D. C. Metropolitan Police Department has over 4,000 employees. It is one of the largest local police agencies in the United States.

The Metropolitan Police Department immediately called in the FBI. They confirm an attack but are not giving further details. 

Retirement or Reinvention?

Cybersecurity experts say that these cybercriminal gangs may only be claimed to shut down. But the bad actors often resurface in other gangs. Or the entire enterprise may reappear under a new name. They are criminals and it is anticipated that they will continue to commit crimes.

The director of Malwarebytes Labs Adam Kujawa said "Ransom actors are professional liars and scammers; to believe anything they say is a mistake," when he heard that Maze was announcing its retirement.

Brett Callow, a threat analyst with Emsisoft, says Babuk likely decided to end its ransomware operation, because of the widespread media coverage of its D.C. police attack. And they were also under the microscope for problems with its malicious code.

Babuk code flaws go public

"I suspect that Babuk simply got cold feet as a result of the attention the MPD incident generated. This is not a sophisticated group, and they may simply have decided to quit while ahead," Callow says. "Unfortunately, it seems that they plan to continue operations on a RaaS [ransomware-as-a-service] basis."