The builder for Babuk Locker ransomware was leaked this week, giving anyone online access to advanced ransomware with little effort.
According to the leak, the Babuk Locker “builder” can be used to create different versions of the ransomware for encrypting files on various devices, including Windows, Network Attached Storage (NAS) devices, and even VMware ESXi servers.
According to Kevin Beaumont, a UK cybersecurity expert, the builder is used for making “Babuk payloads and decryption.”
Ransomware leak time – Babuk's builder. Used for making Babuk payloads and decryption.
builder.exe foldername, e.g. builder.exe victim will spit out payloads for:
Windows, VMware ESXi, network attached storage x86 and ARM.
— Kevin Beaumont (@GossiTheDog) June 27, 2021
MalwareHunterTeam also noted that ID Ransomware has seen a sharp spike in Babuk Locker submissions since June 29, 2021 – after the builder was released. The ransomware attack incorporates babykie encrypted files and drops a ransom note in a file named “How to Restore Your Files.txt.”
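An added example (not from the original article or any vendor tool): a Python triage helper that walks a directory tree for the ransom note name reported above and lists the files modified around the time the note was written. The one-hour window, the function names and the sample tree are assumptions constructed for illustration, and modification time is a heuristic for scoping, not proof of encryption.

```python
import os
import tempfile
from pathlib import Path

# Ransom note name as reported in the article; matched case-insensitively.
NOTE_NAME = "how to restore your files.txt"

def is_note(name):
    return name.strip().lower() == NOTE_NAME

def find_note_dirs(root):
    """Map each directory containing the ransom note to the note's mtime."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in filter(is_note, files):
            hits[dirpath] = os.path.getmtime(os.path.join(dirpath, name))
    return hits

def files_touched_near_note(directory, note_mtime, window_s=3600):
    """Files modified within window_s of the note: the likely encrypted set."""
    touched = []
    for entry in os.scandir(directory):
        if not entry.is_file(follow_symlinks=False) or is_note(entry.name):
            continue
        if abs(entry.stat(follow_symlinks=False).st_mtime - note_mtime) <= window_s:
            touched.append(entry.name)
    return sorted(touched)

def triage(root, window_s=3600):
    return {d: files_touched_near_note(d, m, window_s)
            for d, m in find_note_dirs(root).items()}

def build_sample_tree(base):
    """Constructed sample data: one affected folder and one clean folder."""
    hit, clean = Path(base, "finance"), Path(base, "archive")
    hit.mkdir(); clean.mkdir()
    now = 1_625_000_000  # arbitrary fixed timestamp for the sample
    for path, mtime in [(hit / "How To Restore Your Files.txt", now),
                        (hit / "ledger.xlsx", now - 120),           # near note
                        (hit / "old_scan.pdf", now - 90 * 86400),   # untouched
                        (clean / "2019.zip", now - 400 * 86400)]:
        path.write_bytes(b"sample")
        os.utime(path, (mtime, mtime))
    return str(hit)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(triage(tmp))
```

Run it against a read-only mount or forensic copy of the affected share so the scan itself does not alter timestamps.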
The Metropolitan Police Department has been a recent target. DC Police have confirmed that they suffered a cyberattack after the Babuk Locker ransomware gang leaked stolen data online.
“We are aware of unauthorized access on our server. While we determine the full impact and continue to review activity, we have engaged the FBI to fully investigate this matter.” – Metropolitan Police Department.
This official statement from DC Police came after the Babuk Locker gang revealed that they had stolen 250 GB of unencrypted data from DC Police’s network.
Babuk Locker Gang Leaked Information on DC Police
The Babuk Locker gang also posted screenshots online of various folders stolen during the attack on the Metropolitan Police Department. The files contain information related to operations, gang members, disciplinary records, and DC police officers.
Babuk also warned the DC police that they have 3 days to contact them or they will disseminate the information among other gangs, including data on police informants.
Here is a statement from the Babuk gang on their data leak site:
“Hello! Even an institution such as DC can be threatened, we have downloaded a sufficient amount of information from your internal networks, and we advise you to contact us as soon as possible, to prevent leakage, if no response is received within 3 days, we will start to contact gangs in order to drain the informants, we will continue to attack the state sector of the usa, fbi csa, we find 0 day before you, even larger attacks await you soon.”
Below is a screenshot of all the stolen folders with a timestamp of 4/19/2021 which is likely when they stole the data.
According to AP News, the Babuk Locker gang asked the DC police to pay $4 million to prevent the data from leaking. However, the police made an offer of $100,000, which was declined by the gang. Since the ransom was not paid, they leaked the internal police files, including background information on police officers.
The hackers responded on their website, saying:
On May 12, 22 PDFs were leaked by the gang that included the background investigation of police officers.
The leaked documents on DC police officers included information like background checks, criminal histories, medical evaluations, employment histories, financial information, social media accounts, polygraph tests, and family information.
After the attacks, one of the victims took to Reddit to seek help. The victim also said that hackers are asking him to pay 0.006 bitcoin to get his documents back. However, the FBI has requested the victims to not pay the ransom, as it does not guarantee that you will get your data back.
Another victim of Babuk Locker ransomware posted on Twitter that his PC has been affected by the virus.
A guy who got "Babuck Locker" ransomware believes "the virus has infected my PC through crack for an antivirus".
Also it seems some people got both Babuck and STOP (Djvu) ransomware…
— MalwareHunterTeam (@malwrhunterteam) July 1, 2021
Types of Ransomware
There are different types of ransomware with various security threat levels. Here are 5 major types of ransomware you should know in 2021:
If you have been hit with ransomware like Babuk Locker, make sure to have a response plan ready and remember to isolate the affected system to prevent the virus from spreading to the entire network.
Also, make sure to stay up to date with all the latest cybersecurity news so you can understand the current online security issues and ways to respond to ransomware and other cyberattacks.
While it is still unclear how the Babuk ransomware is being distributed, it does pose a serious threat to the online community. The recent advancements in the Babuk ransomware are a wake-up call for authorities and online users.
Considering the current online security landscape, don’t underestimate the power of privacy tools like virtual private networks (VPNs) and encryption. These are absolutely essential when it comes to ensuring online data privacy and security.
We will keep you updated with the latest news regarding the Babuk Locker ransomware.