The alleged cancer diagnosis of a self-proclaimed ex-“Babuk Locker” group member has driven them to publish their ransomware’s source code. Following the member’s disclosure of Babuk Locker’s code on the Russian-language cybercriminal forum XSS, the group has been cast in a new light. Security researchers have pointed to a rift involving a Babuk Locker affiliate, the group’s members, and its administrator, following an April 2021 ransomware attack on the Washington DC Metro Police Department (MPD). The group ultimately split up to form separate ransomware ventures: The administrator is reportedly running the new ransomware-focused RAMP forum and a new data-leak website called Groove, and affiliates have allegedly formed the “Babuk V2” ransomware collective.
Most Recent Flipbooks
Weekly Intelligence Summary 27th August
The well-established “Mozi” peer-to-peer (P2P) botnet has developed new persistence capabilities.
Weekly Intelligence Summary 20th August
A configurable, malicious Traffic Direction System (TDS) has been enabling widespread malware attacks.
Weekly Intelligence Summary 13th August
A years-long reconnaissance campaign against an employee of a US aerospace defense company was discovered and attributed to “TA456”, an Iranian state-backed advanced persistent threat (APT) group.
Weekly Intelligence Summary 6th August
The new “BlackMatter”, “Haron”, and “El_Cometa” ransomware groups, which surfaced in the past three weeks, bear significant similarities to ransomware groups that disappeared last month
Weekly Intelligence Summary 9th July
A vulnerability in Kaseya’s virtual system/server administrator (VSA) software has been exploited to deliver the “REvil” ransomware to multiple managed service providers.