Marking the first large-scale ransomware operation of 2021, Babyk, the group behind Babyk Ransom Locker software, recently launched a data leak site, an online forum where hackers post and publicize data stolen from their victims.
Please find the comments from Denis Legazo, senior security researcher at Kaspersky, below. In them, he discusses why Babyk may seek to utilise an online leak site and why they may refer to a “Hackers Code”.
The Babyk group is one of many actors behind CryptoLocker’s campaigns. While they are quite new, websites like theirs aren’t necessarily surprising. Cybercriminals distributing malware such as this often brag about their "achievements". They do it to demonstrate that they are capable of publishing stolen data if the victim does not pay the ransom for their decryption. Among many others, this was the approach adopted by the Conti group when using the TrickBot Trojan.

It is noteworthy that the group is outlining a “hacker’s code” regarding which entities they will and will not attack. However, it is not a reason to romanticise them – the group is still just doing "business". The known declared limits of hacking groups are primarily related to geographic regions, based around the level of risk in some locations.