Experts Insight On Babuk Locker Ransomware Gang Leaks Military Contractor’s Data

Recorded Future is reporting that the PDI group, a major supplier of military equipment to the US Air Force, appears to have fallen victim to a ransomware attack. The group behind the Babuk Locker ransomware has posted samples of the data on its leak site and, in its ransom demand, is threatening to publish more than 700 GB of data it claims to have stolen from PDI's internal network. Experts with SCYTHE and Gurucul offer perspective.

Jorge Orchilles
InfoSec Expert
March 26, 2021 1:42 pm

We continue to see the evolution of ransomware gangs going from only encrypting files to performing "double extortion" as it raises the probability they will get paid. The data posted on these leak sites can only be verified by the target organization.

Saryu Nayyar, CEO
InfoSec Expert
March 26, 2021 1:44 pm

The attack against PDI follows a common pattern with hybrid ransomware attacks. The attackers exfiltrate data before encrypting it, then extort money with the threat of releasing it if their demands are not met. The surprise here is how much data was apparently stolen. Attackers sneaking out a few gigabytes of data is plausible. However, stealing almost a terabyte without being noticed indicates their perimeter defenses weren't even looking for this kind of data exfiltration. We have seen this level of data theft in other attacks. Organizations need to review their policies and security stacks, and deploy tools that can identify mass data transfers like this, such as DLP and security analytics platforms. Stopping the attackers before they get in is ideal, but identifying and stopping them quickly once they're inside is vital.

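The comment above argues that an exfiltration of hundreds of gigabytes should stand out against a host's normal egress. The following is an added example of the kind of volumetric check a security analytics pipeline would run; it is not code from the commenter, from Gurucul, or from the original article. The flow records are constructed for illustration, the internal address ranges and the thresholds (a 100 GB absolute floor and a 20x ratio over the host's own median daily egress) are assumptions, and the field layout does not follow any vendor's schema.

```python
"""Flag internal hosts whose daily outbound volume dwarfs their own baseline.

Added example, not from the original page. Flow records, address ranges and
thresholds below are constructed assumptions for illustration.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network
from statistics import median

GB = 1_000_000_000

# Assumed internal ranges; adjust to the environment being monitored.
INTERNAL_NETS = [
    ip_network("10.0.0.0/8"),
    ip_network("172.16.0.0/12"),
    ip_network("192.168.0.0/16"),
]

# Constructed flow records: (ISO timestamp, src, dst, bytes).
# Host 10.0.5.23 normally pushes 1-2 GB/day outward, then ships ~700 GB
# overnight to a single external address (constructed scenario).
FLOWS = [
    ("2021-03-20T09:00:00", "10.0.5.23", "10.0.1.10", 120 * GB),      # internal to internal, ignored
    ("2021-03-20T10:15:00", "10.0.5.23", "198.51.100.7", 1_500_000_000),
    ("2021-03-21T10:15:00", "10.0.5.23", "198.51.100.7", 1_200_000_000),
    ("2021-03-22T10:15:00", "10.0.5.23", "198.51.100.7", 1_800_000_000),
    ("2021-03-23T01:00:00", "10.0.5.23", "203.0.113.9", 250 * GB),
    ("2021-03-23T02:00:00", "10.0.5.23", "203.0.113.9", 250 * GB),
    ("2021-03-23T03:00:00", "10.0.5.23", "203.0.113.9", 200 * GB),
    ("2021-03-20T09:00:00", "10.0.7.4", "198.51.100.7", 1_100_000_000),
    ("2021-03-23T09:00:00", "10.0.7.4", "198.51.100.7", 900_000_000),
]


def is_internal(ip: str) -> bool:
    """True if the address falls inside one of the assumed internal ranges."""
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def daily_egress(flows):
    """Sum bytes per (internal source host, calendar day) for flows that leave the network."""
    totals = defaultdict(lambda: defaultdict(int))
    for ts, src, dst, nbytes in flows:
        if is_internal(src) and not is_internal(dst):
            totals[src][ts[:10]] += nbytes
    return totals


def detect_mass_egress(flows, absolute_floor=100 * GB, ratio=20):
    """Return alerts for host-days whose egress is large in absolute terms and
    far above that host's median daily egress on its other observed days.

    The absolute floor keeps a quiet host with a near-zero baseline from
    alerting on a few hundred megabytes; the ratio keeps a busy backup server
    with a legitimately high baseline from alerting on a normal day.
    """
    alerts = []
    for host, per_day in daily_egress(flows).items():
        for day, nbytes in sorted(per_day.items()):
            if nbytes < absolute_floor:
                continue
            others = [v for d, v in per_day.items() if d != day]
            baseline = median(others) if others else 0
            # No history (or a zero baseline) means the floor alone decides.
            if baseline == 0 or nbytes >= ratio * baseline:
                alerts.append({
                    "host": host,
                    "day": day,
                    "bytes": nbytes,
                    "baseline": baseline,
                    "ratio": (nbytes / baseline) if baseline else None,
                })
    return alerts


if __name__ == "__main__":
    for a in detect_mass_egress(FLOWS):
        ratio_txt = f"{a['ratio']:.0f}x baseline" if a["ratio"] else "no baseline"
        print(f"{a['day']} {a['host']} sent {a['bytes'] / GB:.0f} GB outbound "
              f"(median {a['baseline'] / GB:.1f} GB/day, {ratio_txt})")
```

A calendar-day window is deliberately coarse; a real deployment would also run shorter windows and watch per-destination totals, since an attacker who throttles to a few gigabytes per hour over a week slips under a daily check while still adding up to the volume described above. The check also assumes flow records that distinguish internal from external endpoints, which is exactly the visibility the comment says was missing.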
Information Security Buzz