After just a few months of activity, the operators of Babuk ransomware briefly posted a short message about their intention to quit the extortion business after having achieved their goal.
Unlike other gangs that chose to release decryption keys or even return the collected ransoms, Babuk’s final gesture is to pass the torch to others.
Hanging up the encryption keys
Earlier today, the Babuk ransomware gang said in a message titled “Hello World 2” on their leak site that they had achieved their goal and decided to shut down the operation.
However, they would not leave the stage without a legacy: the source code for Babuk file-encrypting malware would be publicly available once they terminated the “project.”
The message suffered modifications and was visible for a short while on the main page of the site, though. In one version captured by Dmitry Smilyanets of Recorded Future, the cybercriminals said that breaching “PD was our last goal,” a clear reference to their latest victim, the Metropolitan Police Department (MPD). As seen in the screenshot below, “PD” was also in the title.
Another variant of the message, captured by BleepingComputer, did not have “PD” mentioned at all, potentially suggesting that the gang is preparing to end its operations in the foreseeable future, after having compromised a different victim.
Nevertheless, one part of the message is clear in both versions of the message. Whenever the Babuk ransomware gang decides to call it quits, at least under the Babuk name, they would “do something like Open Source RaaS, everyone can make their own product based on our product and finish with the rest of the RaaS.”
Babuk’s latest victim is the Metropolitan Police Department (MPD), the main law enforcement agency in Washington, DC, who confirmed the breach to BleepingComputer.
This came after the cybercriminals said that they had stolen 250GB of data before encrypting MPD’s computers and published screenshots of folders stolen in the attack to prove their claims.
Brief stint, plenty of victims
Babuk ransomware emerged at the beginning of the year. Right from the start it targeted victims all over the world and demanded ransoms between $60,000 to…