A comment spammer flooded Babuk’s new ransomware forum with gay orgy porn GIFs & demanded $5k in bitcoin.
The Babuk ransomware gang’s new rebrand isn’t going well. It seems the cyber-criminal group has now been a victim of a ransomware attack of its own.
Babuk’s latest endeavour, a Dark Web ransomware forum called RAMP, was crippled by a spammer over the weekend who overloaded the site with same-sex pornographic GIFs, according to Recorded Future.
Bombard the Forum
The attacker told Babuk they wanted $5k. Babuk told them to ‘pound sand’, refused to pay & deleted the original post. However, even after wiping the forum several times, Recorded Future observed the attacker was still able to bombard the forum with pornographic GIFs.
Malware source code detector vx-underground also picked up on the feud, calling it “Ransomware group drama.”
“RAMP, the forum started by Babuk ransomware group, has seen a surge of flooding & spamming. An unknown individual is stating they have 24 hours to pay $5k or else,” vx underground posted. “Ransomware actors are ransoming other ransomware actors.”
Babuk’s Reboot Stalls
Babuk has had a bad few months.
After hitting the Washington DC. police department in April with a ransomware attack, the group vowed to retire in a short goodbye note. If they did retire, it was short-lived. In May, Babuk started leaking data from the D.C. police breach.
By early July, the group had uploaded its ransomware source code to Virus Total & renamed its leak site Payload.bin in what seemed like a launch of a ransomware-as-a-service (RaaS) business.
Colonial Pipeline
Then the operators had a new business idea: to use the opportunity left by malware discussions in the wake of the Colonial Pipeline attack. In late May, the XSS underground forum had banned ransomware ads. The Exploit forum followed suit within a day, & a few hours later, the operators behind the RAID forum rounded it out a trio of ransomware-chat bans.
Then, 2 weeks ago, Babuk launched RAMP: a new forum where threat players could connect & openly discuss their ransomware business.
It’s still to be determined what impact this latest spammer attack will have on Babuk’s ability to court cyber-criminals in the gang’s corner of the dark web.
Professional Liars & Scammers
At the time when Maze announced its retirement, Adam Kujawa, Director of Malwarebytes Labs, warned against trying to read too much into anything these cyber-crime groups say.
“Ransom actors are professional liars & scammers; to believe anything they say is a mistake,” he reportedly said.
Now that ransomware players have turned on one another, things might be about to get even more interesting.
https://www.cybernewsgroup.co.uk/virtual-conference-september-2021/