Experts Insight On Babuk Locker Ransomware Gang Leaks Military Contractor’s Data

By ISBuzz Team
Writer, Information Security Buzz | Mar 26, 2021 05:13 am PST

Recorded Future is reporting that the PDI group, a major supplier of military equipment to the US Air Force, appears to have fallen victim to a ransomware attack. The group behind the Babuk Locker ransomware has posted samples of the data and, in its ransom demand, is threatening to leak more than 700 GB of data it claims to have stolen from PDI’s internal network. Experts with SCYTHE and Gurucul offer perspective.

Saryu Nayyar, CEO
March 26, 2021 1:44 pm

The attack against PDI follows a common pattern with hybrid ransomware attacks. The attackers exfiltrate data before encrypting it, then extort money with the threat of releasing it if their demands are not met. The surprise here is how much data was apparently stolen. Attackers sneaking out a few Gigabytes of data is plausible. However, stealing almost a Terabyte without being noticed indicates their perimeter defenses weren’t even looking for this kind of data exfiltration. We have seen this level of data theft in other attacks. Organizations need to review their policies and security stacks, and deploy tools that can identify mass data transfers like this, such as DLP and security analytics platforms. Stopping the attackers before they get in is ideal but identifying and stopping them quickly once they’re inside is vital.

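A minimal egress-volume check of the kind the comment above calls for, added here as an illustration (it is not code from the article, from Gurucul, or from any named DLP product): it sums each internal host's bytes sent to external destinations over a window and flags hosts that exceed both a multiple of their own baseline and an absolute floor. The network ranges, flow records and baselines are constructed sample values.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]
GiB = 2 ** 30

# Constructed flow records for one 24h window: (src, dst, bytes_out).
# Hypothetical sample data, not telemetry from the PDI incident.
FLOWS = [
    ("10.1.1.20", "10.1.5.5", 900 * GiB),      # internal backup traffic, ignored
    ("10.1.1.20", "203.0.113.7", 4 * GiB),     # normal external egress
    ("10.1.2.33", "198.51.100.9", 310 * GiB),  # sustained bulk upload
    ("10.1.2.33", "198.51.100.10", 410 * GiB),
    ("10.1.3.44", "192.0.2.8", 1 * GiB),
]

# Constructed per-host baseline: typical daily external egress in bytes.
BASELINE = {"10.1.1.20": 3 * GiB, "10.1.2.33": 2 * GiB, "10.1.3.44": 1 * GiB}


def is_internal(ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def external_egress(flows):
    """Sum the bytes each internal host sent to non-internal destinations."""
    totals = defaultdict(int)
    for src, dst, nbytes in flows:
        if is_internal(src) and not is_internal(dst):
            totals[src] += nbytes
    return dict(totals)


def flag_mass_egress(flows, baseline, factor=10, floor=50 * GiB, default_baseline=1 * GiB):
    """Return {host: total_bytes} for hosts whose external egress is at least
    `factor` times their baseline AND above an absolute `floor`; the floor keeps
    a quiet host that merely doubles a tiny baseline from tripping the rule."""
    flagged = {}
    for host, total in external_egress(flows).items():
        expected = baseline.get(host, default_baseline)
        if total >= factor * expected and total >= floor:
            flagged[host] = total
    return flagged


if __name__ == "__main__":
    for host, total in flag_mass_egress(FLOWS, BASELINE).items():
        print(f"{host}: {total / GiB:.0f} GiB to external destinations in window")
```

In practice the baseline would be learned per host from historical flow data and the window sized so that a slow, multi-day transfer is still summed rather than hidden below a daily threshold.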
Jorge Orchilles
March 26, 2021 1:42 pm

We continue to see the evolution of ransomware gangs going from only encrypting files to performing "double extortion" as it raises the probability they will get paid. The data posted on these leaks sites can only be verified by the target organization.

