Babuk Locker ransomware has been spreading worldwide during the mid-week after it was leaked to the vulnerable systems owned by the victims. For the ransom, they were instructed to give $210 which is equivalent to 0.06 $BTC.
Unknown Hacker Leaks Babuk Locker Builder
Babuk Locker Ransomware is back again after a short rest. This time, it operates to target victims worldwide and asked for a ransom worth approximately $210 or 0.06 bitcoins.
The recent attack involving ransomware was not new to the attackers. The unknown group behind the operation has been doing this since January of this year. The only knowledge that we hold about the victims is they are asked to pay a specific amount of ransom so that their details will not be exposed.
Regarded as the first enterprise ransomware of 2021, the Babuk-focused attacks are known for exploiting the victims who work in a corporation. The notorious ransomware gang launched double-extortion attacks to get money from the victims.
In a report by Threatpost published in May, the crew managed to steal more than 250 GB of sensitive information from the Washington DC Metropolitan Police Department (MPD). The leaked data includes mugshots, police reports, memos, and many more.
The following month, the cyberattackers changed tactics. With the new brand "Payload Bin," the dangerous group of hackers has another arsenal for new data extortion attacks. This time, they stuck with the non-encryption technique.
Security Expert Discovers the Leaked Builder
The leaked builder for Babuk operation ransomware was spotted before Monday, June 28. Over Twitter, many cast their worries about the growing ransomware population. It became more intense when Kevin Beaumont, a security researcher shared some information about the builder linked to VirusTotal.
According to Bleeping Computer on Wednesday, June 30, their team found out that it was really the custom ransomware after running several tests for the builder.
Inside it, there was information such as the person's contact details. Moreover, it could be enabled through NAS ARM devices, as well as in the typical Windows OS, and VMware ESXi. The hackers would alter the information of the victims who will receive a ransom note.
Babuk Locker Ransomware Is Not Yet Finished
After startling Twitter users on Sunday, June 27, the leaked builder made rounds online en route to a wide-scale series of attacks. It even reached Reddit, and some users spotted it under the name "Babuk Locker."
Lately, there has been a surge in complaints about the Babuk ransomware. MalwareHunterTeam, a cybersecurity expert said that it began to receive submissions about the builder on Tuesday, June 29. The global attack has been persisting, and many victims were alarmed about this.
Note that the previous version of the attack tells more about the prominent extension called "babyk." What it does is pure encryption and launching of "How to Restore Your Files.txt" which is the ransom note.
Before the attackers give back the files to the victims, they will need to comply with the condition of paying .006 bitcoins as a ransom.
Beware that the group is using an active email address: babukransom@tutanota.com. If you see this format, immediately report it to this.
Related Article: Monero: 'Crackonosh' Malware Affects 222,000 Computers With Pirated Games, Hackers Steal $2M Worth of XMR
This article is owned by Tech Times
Written by Joseph Henry