Caleb Boma | May 12th, 2021

Babuk ransomware operators performed an attack on the Washington DC police department at the end of last month. After negotiations failed, Babuk eventually released the data they stole from the department on their dark web site.

An important lesson to learn from this is you can’t trust threat actors. In January, Avaddon ransomware claimed they would use distributed denial of service (DDoS) attacks after ransomware attacks if victims decided not to pay ransoms. There is no evidence of Avaddon using DDoS attacks since they claimed they would use them.

Again, we’re seeing threat actors not following through on their word. Babuk has added information to their data leak site after an attack. Yamabiko, a Tokyo-based manufacturer of power tools and industrial machinery, endured a ransomware attack at the hands of the supposedly retired threat group.

Information leaked by the Russian-speaking threat group includes personally identifiable information (PII) relating to employees, product schematics, financial data, and more. Babuk claims to hold at least 0.5 TB of data.

Babuk operators posted a retirement note on their website but quickly removed it, as they have kept their ransomware operations in business. Babuk operators have exploited VPN vulnerabilities in the past in order to move laterally across networks. Since the number of vulnerabilities has risen in 2021, Babuk has attacked enterprise infrastructure directly instead of infiltrating networks through the usual phishing attacks, leaked credentials, or exposed RDP.

SpearTip’s engineers aren’t shocked by the misinformation provided by threat actors. They aren’t always the most trustworthy people. This is why our team is always keeping up with the latest changes in tactics and procedures, so we can ensure we’re prepared to respond to anything.

Ransomware attacks, and cyber attacks in general, are difficult to predict, so engaging with a security firm like SpearTip is a great way to stay ahead of cyber threats and protect your organization. Not only will you need to protect the profit your organization generates, but keeping your operations running at full steam is what your organization thrives on. Downtime from attacks can be even more costly than losing data and making a ransom payment. Prevention is the best way to secure your team’s profits, and SpearTip’s engineers and analysts are waiting at any moment of the day to respond and protect your business from malicious threats.

Our team continuously monitors environments 24/7 from our US-based Security Operations Center. Our certified engineers work in unison with our proprietary endpoint detection and response tool, ShadowSpear®. This gives your organization direct communication with our engineers at any moment and a completely transparent view of your risk profile.

If you think your organization has been breached, call our Security Operations Center at 833.997.7327.