[MART] - Daily Diary #313 - Babuk Ransomware Forum Drama

CTAS-MAT ctas-mat at appgate.com
Tue Jul 27 22:13:19 UTC 2021

I hope everyone is doing well!

Below is the entry for today.

07/27/2021 - Diary entry #313

Covered in our Daily Diary #182, Babuk Ransomware is a human-driven ransomware that recently changed its focus to Data Stealing rather than just encrypting. In our Daily Diary #276 we covered a new deep web platform, named Payload Bin, launched by the group behind Babuk to publish leaks from attacks and their partners. Babuk used to publish their ransomware ads in cybercrime forums, like RAID. After those platforms started to ban ransomware ads, Babuk converted Payload Bin into RAMP, their own cybercrime forum.

Last week RAMP forum was flooded with adult content gifs and videos. Ironically, the attackers demanded 5,000 USD in bitcoins to stop the intrusion, claiming that if the ransom is not paid further attack would be launched.

Instead of paying the ransom, Babuk announced that RAMP will switch to a private forum, so they can investigate the users one by one. Our team currently monitors Babuk deepweb sites. Today, July 27th, instead of the old forum, it shows a countdown for the launch of the private forum. They also announced that to join the forum the users need to be registered in xss/exploit forums for at least 2 months and have at least 10 posts and a positive reputation. Users can also join by paying a registration fee of 500 USD.

This novel is an example of how it's becoming more difficult for Ransomware to advertise their attacks. With the recent international efforts to fight those cybercrime groups, we can see some fear growing in forums and platforms, banning such content to avoid being related to those crimes. Hopefully, it will become harder and harder for ransomware groups to get more "clients" and "partners".

Kind Regards,


[https://d3aafpijpsak2t.cloudfront.net/images/Signature/likedin@2x.png]<https://www.linkedin.com/company/appgate-security/>     [https://d3aafpijpsak2t.cloudfront.net/images/Signature/twitter@2x.png] <https://twitter.com/AppgateSecurity>   [https://d3aafpijpsak2t.cloudfront.net/images/Signature/youtube@2x.png] <https://www.youtube.com/channel/UC-8GvxcZbm-R3EJNl8jYjiQ>

Felipe Duarte Domingues
Security Researcher

E: felipe.duarte at appgate.com<mailto:felipe.duarte at appgate.com>
O: +55 19 98840 2509

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.immunityinc.com/pipermail/mart/attachments/20210727/b991e793/attachment.htm>

More information about the MART mailing list