Hacker Feuds: Babuk Ransomware Group Attacked
The Babuk ransomware became the victim of a hack and a ransom demand in a curious turn of events. The small-scale hacker war was documented and described by security researchers working with US cybersecurity firm Recorded Future.
Babuk were going through a bit of a reimagining, after executing their last big attack on the Washington DC police department in April, then laying low for a bit before starting to leak chunks of data from the attack.
Following the Colonial pipeline attack and the considerable upheaval in countermeasures and action on part of the authorities, a lot of underground and hacking forums decided to proactively ban all discussion of ransomware, in order to avoid the wrath of the FBI and other law enforcement. Three of the biggest and most popular hacking forums banned all discussion and marketing of any ransomware on their platforms.
It seems Babuk decided to take a risky approach and opened up a new forum named RAMP, where any and all threat actors could freely discuss or advertise ransomware.
However, a couple of weeks after that platform was launched by the Babuk group, a hacker flooded the RAMP forums with homosexual pornography GIF animations, defacing the site, then demanded that Babuk pay $5 thousand within 24 hours. The posts were made in Russian and one of them read:
"Uncle Admin, I am leaving, but I promise I will be back!
You see, the situation is not simple at all. Think about it, have a smoke, maybe we can come to an understanding."
The clock is ticking. Tick-tock."
As expected, Babuk did not play along and simply deleted the messages, but the attacker did come back and managed to spam and flood the site several more times, still posting pornographic imagery.
Whether the several successful attacks on the forum software platform will leave a dent on the ransomware gang's credibility remains to be seen.