Every year many new ransomware gangs emerge and become the most prevalent operators in the digital underworld. Well, 2021 officially has its first new high-profile ransomware operation and they are definitely asses.
The group behind Malware Locker Ransomware, heralded as the first new “enterprise ransomware” of 2021, recently launched its first data leak site – a platform where hackers post and make public the data stolen from victims if the victims refuse to pay them. The group, which surfaced a few weeks ago, has been dubbed a “Big Game Hunter” for its strategy of targeting big institutions for big payouts. It has already hit several large entities, apparently compromising a car parts manufacturer, a U.S.-based heating firm, and a lift company, among others.
Interestingly, the group has made it known that, apart from being criminals, they are also homophobic and racist.
Emsisoft threat researcher Brett Callow shared Babyk’s new site with us and we noticed some unusual language. On the site, the group has listed some parameters for its operation – a kind of “hacker code” about whom they say they will and will not attack. In the list, the group notes that it supports small businesses (they only attack firms that make more than $4 million annually), that it supports education (they will not attack schools, “except major universities”), and that it will refrain from attacking hospitals (except for “private plastic surgery clinics” and some dentists’ offices, apparently). So far, they sound like real hackers of the people.
However, the group’s “code” gets somewhat darker when they discuss their ideas about attacking charities: Babyk says they don’t like attacking nonprofits or charities, but they will make an exception when it comes to groups that help “LGBT and BLM” (Black Lives Matter).
In addition, the group has a somewhat somber sense of humor: in Babyk’s “About Us” section, the group says they are “not criminals”, only security-minded individuals who test corporate security systems and ask for a fee in return. By and large, the group calls its cyber attacks an “audit”.
“In our understanding – we are some kind of cyberpunch [sic], we randomly test the security of corporate networks and in terms of penetration, we ask for money, and publish information about the threats and vulnerabilities we have received on our blog if the company does not want to pay,” the site reads.
In just a few weeks, Babyk has managed to make quite a splash. Prior to the launch of its new site, Babyk posted big data dumps on the popular dark web site Red Forum. Callow told Gizmodo that the group was also responsible for a recent cyber attack on Serco, a multinational outsourcing firm that has been involved in track and trace efforts. The firm’s track and trace operation is said to have been unaffected by the attack.
“This is probably the first new big game-hunt ransomware of 2021. New ransomware pops up all the time,” Callow said. “Although many of them are skid-built and amateur. Groups / ransomware that have the ability to successfully target large enterprises – big game hunters – are slightly more unusual.”
The Babyk ransomware operation has launched a new data leak site used to publish victims’ stolen data as part of a double extortion strategy. Included is a list of targets they do not attack, with some exclusions that certainly stand out.
In 2019, the Labyrinth ransomware operation introduced a new double-extortion strategy: stealing unencrypted files and threatening to release them publicly on data leak sites if the ransom was not paid.
Babyk ransomware, also known as Babuk, is a new ransomware operation that launched at the beginning of the year and is targeting enterprise organizations.
When it first launched, the ransomware gang was leaking victims’ data in posts on the ‘Red Forum’ hacking forum, but said they planned to launch a dedicated leak site.
Emsisoft security researcher Brett Callow recently shared a new site created by the Babyk ransomware group, where they are currently listing four victims, and data for three of them has been leaked.
BleepingComputer has seen exclusions in the past for healthcare and for what ransomware actors call “socially significant” services, such as 911, shelters and nursing homes.
The exclusion for nonprofits is the first time BleepingComputer has seen personal opinion determine whether a ransomware operation will encrypt an organization.
With the release of Babuk’s site, there are now a total of nineteen active ransomware data leak sites that are used in the double extortion strategy.