DataBreaches.Net

Babuk closes one shop, switches to RaaS?

Posted on April 30, 2021 by Dissent

Hello World 3

In an update on Babuk’s site today, the threat actors write:

I not so long ago wrote about the closure of babuk, yes, you all correctly understood babuk as a partensky program will be closed, but it will live in its new understanding, we are a promoted brand with the best pentesters of dark net

We are a young project and everyone already knows about us, during this time we have gone ahead of other groups, we respect other groups but not all, for example, we express our loyalty to DopplePaymer, Ragnar.

Babuk changes direction, we no longer encrypt information on networks, we will get to you and take your data, we will notify you about it if you do not get in touch we make an announcement.

Also for other groups that do not have their own blog or have but they want to exert additional pressure, you can not be placed with us.

We are open to offers in tox:[deleted by DataBreaches.net]

In a previous chat with a Polish blogger, a Babuk spokesperson had indicated that after the Metropolitan Police Department of D.C., they would no longer attack state or government entities.

A screencap posted on a Russian-language forum yesterday from an unspecified source* seems to reiterate that they will no longer attack government entities, but also notes that their source code will be made publicly available, a development that they have been discussing in that forum since early March.

Stated by Babuk
Image: Exploit.in

The outcome of the Metropolitan Police attack remains to be seen. Babuk had stated that they were in negotiations with the police department, but there has been no word from either party for the past two days. The police department’s listing is still removed from Babuk’s dedicated leak site, but the confidential files are still available online if one knows where to look.

As for their future, whether Babuk’s software will be popular remains to be seen. Emsisoft had recently reported serious concerns about the quality of Babuk’s ransomware. On April 14, they wrote:

Unfortunately, the velocity at which they evolved their platform came at the cost of quality. As a result, there are multiple fundamental design flaws within both the encrypting and decrypting parts of Babuk on ESXi, which can result in permanent data loss.

One of the bugs within the actual Babuk ransomware on ESXi is that files can be encrypted multiple times. Multiple encryption layers are a nuisance, but ultimately just mean that with some manual effort a victim can still decrypt their data by simply decrypting the ransomed data again and again until all encryption layers have been removed.

That feedback and bad press seem to have concerned Babuk. In their recent interview with a Polish blogger, Babuk asked the blogger to get a message to Emsisoft:

We want to convey a message to emisoft that we have fixed all the errors in our decoders, and would like to confirm this.

…  you can see from a live example that the decryptor now works well (image linked from Babuk).

In the meantime, there are likely many police informants and police officers who may be anxious as to whether their personal information is about to be dumped on the dark web. DataBreaches.net will provide an update on that matter when more information is released.


*Update: Catalin Cimpanu had previously reported a Hello World 2 message from Babuk that was subsequently removed from Babuk’s site.

Category: Malware

© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.