29th July 2021, Kathmandu
A comment spammer flooded Babuk’s incipient ransomware forum with gay orgy porn GIFs and injunctively authorized $5K in bitcoin.
The Babuk ransomware gang’s incipient rebrand isn’t going so well. It seems the cybercriminal group has been a victim of a ransomware attack of its own.
Babuk’s latest endeavor, a Dark Web ransomware forum called RAMP, was crippled by a spammer over the weekend who overloaded the site with same-sex pornographic GIFs, according to Recorded Future.
The assailant told Babuk they wanted $5,000. Babuk told them to pound sand, relucted to pay, and expunged the pristine post. But even after wiping the forum an abundance of times, Recorded Future verbalized the assailer was still able to bombard the forum with pornographic GIFs.
Malware source code detector Vx-underground withal picked up on the feud, calling it “Ransomware group drama.”
“RAMP, the forum commenced by Babuk ransomware group, has visually perceived a surge of flooding and spamming. An unknown individual is verbally expressing they have 24 hours to pay $5,000 or else,” vx underground posted. “Ransomware actors are ransoming other ransomware actors.”
Babuk’s Reboot Stalls
Babuk has had a rough few months.
After hitting the Washington D.C. police department in April with a ransomware attack, the group vowed to retire in a short goodbye note. If they did retire, it was ephemeral. In May, Babuk commenced leaking data from the D.C. police breach.
By early this month, the group had uploaded its ransomware source code to VirusTotal. It renamed its leak site Payload.bin in what seemed homogeneous to launch a ransomware-as-a-accommodation (RaaS) business.
Then the operators had an incipient business conception: to hop on the opportunity left by malware discussions getting shushed in the wake of the Colonial Pipeline attack. In tardy May, the XSS underground forum had ostracized ransomware ads. The Exploit forum followed suit within a day, and a few hours later, the operators abaft the RAID forum rounded it out a trio of ransomware-chat vetoes.
Then, a fortnight ago, Babuk launched RAMP: an incipient forum where threat actors could connect and openly discuss their ransomware business.
It’s still resolute what impact this latest spammer assailment will have on Babuk’s faculty to court cybercriminals in the gang’s corner of the dark web.
When Maze promulgated its retirement, Adam Kujawa, director of Malwarebytes Labs, admonished against endeavoring to read an exorbitant amount of into anything these cybercrime groups verbally express. “Ransom actors are professional prevaricators and scammers; to believe anything they verbalize is a mistake,” he reportedly verbally expressed.
Now that ransomware actors have turned on one another; things might be about to get even more intriguing.
