Babuk leaks data set stolen from DC Metro Police three weeks ago
- Babuk has decided to disclose everything it holds on the Washington DC Metro Police Department.
- The actors reportedly received an offer forty times smaller than the ransom they had demanded.
- Babuk has handed its source code to another project and will continue with extortion that does not involve encryption.
The Babuk ransomware group is now disclosing all of the data it stole from the Washington DC Metro Police about three weeks ago, as negotiations have seemingly stalled. According to the announcement posted on Babuk’s dark web extortion portal, 250 GB of sensitive data will be made available to everyone over the next eight months, giving thousands of people the ability to download and use it as they please. The data includes full human resources records, the complete gang database, and more.
Two days ago, another update was posted on the Babuk site, featuring screenshots of what is presented as a conversation with a representative of the DC Metro Police. Based on these screenshots, which could be fake or fabricated, the police offered to pay a maximum of $100,000, while Babuk asked for a figure of around $4,000,000. This was unacceptable to the actors, so they decided to end the negotiations and proceed with the full publication of the stolen data.
The actors write that although the police now offer them double the amount requested, they will not withdraw the publication of the data, so there is no longer any way to resolve the matter. As the hacker puts it, the police had many chances to fix the problem but squandered them all. It certainly looks as if the actor is frustrated with the offer he received, if he really has one.
In the meantime, Babuk’s operator is informing the public that the source code for the ransomware strain has now been passed on to another group operating under a different brand. The service will continue, but without encrypting machines on compromised networks. Instead, it will focus on data access, exfiltration, controlled leaks and extortion.
We have been aware of this shift in focus since the beginning of the month, when the ransomware actors gave an interview to Czech media. The first notable attack that followed (against Yamabiko) had the characteristics of an “unencrypted” incident.
Meanwhile, ransomware expert Michael Gillespie has told us that Babuk’s strain is neither very potent nor bug-free, so anyone who buys it is unlikely to be successful in the future. The exception would be buyers who are capable malware authors themselves and can fix all the decryption weaknesses, but then why would they buy the tool in the first place?