At the end of June, the Babuk Locker ransomware was leaked online allowing threat actors to use it to create their own version of the popular ransomware.
The Babuk Locker operators halted their operations at the end of April after the attack against the Washington, DC police department. Experts believe that the decision of the group to leave the ransomware practice could be the result of an operational error, it was a bad idea to threaten the US police department due to the information that it manages.
The ransomware gang broke into the Washington, D.C., Metropolitan Police Department, encrypted its files and demanded a $4 million ransom.
At the end of May, the Babuk ransomware operators rebranded their ransomware leak site into Payload.bin and started offering the opportunity to other gangs to use it to leak data stolen from their victims.
The builder allows creating custom versions of the Babuk Locker ransomware that works for Windows systems, ARM-based network storage attached (NAS) devices, and VMWare ESXi servers.
Now the group seems to have suffered a ransomware attack, threat actors flooded their forum, a Dark Web ransomware forum called RAMP, with gay orgy porn images. The attackers also demanded $5K in bitcoin to the Babuk gang that refused to pay the ransom.
The analysis of the Bitcoin address used by the threat actor to request the payment is still empty.
According to The Record, the Babuk operators were forced to wipe their forum clean at least on two occasions as a result of the attack.
Even if the Babuk operators have wiped the forum several times, the attacker was still able to flood it with pornographic GIFs.
(SecurityAffairs – hacking, Babuk ransomware)