Last Tuesday, Washington, DC’s Metropolitan Police Department (MPD) came forward with the news that their computer system had been hacked by ransomware developed by the Babuk hacker group, who threatened to leak 250 GB worth of confidential files.
The operators of Babuk ransomware have posted on their leak website that they have achieved their goal and will be quitting the extortion business, with plans to pass the torch by making their source code publicly available.
In a since-deleted message, titled “Hello World 2,” the group claimed that the MPD cyberattack was their last goal in what is assumed to be their exploitation of cybersecurity vulnerabilities, but has encouraged others to continue to carry on their overall mission.
Babuk is a group that works on a ransomware-as-a-service (RaaS) business model. When most people hear about ransomware and viruses on their computers, they automatically assume it to be malicious, and so they avoid it or in some cases actively fight it.
Google is one of the most popular forms of web browsing, despite there being many other server providers. The biggest downfall of SaaS is that it is government regulated, so the collection of data is subject to state regulation depending on the location and access to global servers.
Babuk is known to use one of the more basic forms of RaaS, which is the Elliptic-Curve Diffie-Hellman (ECDH) algorithm. This algorithm, though it appears intimidating, offers users the ability to have more control over who has access to the data available on their systems. The use of ECDH allows information to be passed between users over a public domain without the need for third-party SaaS-type interference.
The cyberattack on the MPD saw Babuk ransomware encrypt a variety of confidential files, including police and gang conflict reports, FBI arrest details, officer training and work histories, and polygraph results, among other documents.
Babuk ransomware was a short-lived cyberattack system that only emerged at the beginning of the year, but was able to actively pinpoint just how easy it is to access and control the data that many large tech companies use in the maintenance and updates of current and older devices.