The Babuk cyber threat gang, discovered in 2021, has been targeting various sectors, ranging from healthcare to logistics to manufacturing. The gang has been very active and is known to have extracted a lot of money from its victims.

One recent cyber incident attributed to the gang is its attack on the Washington DC Metropolitan Police, from which it claims to have stolen around 250 GB of data. This data includes police reports, internal memos, mugshots and personal details.

The cyber criminal group has publicly declared that it is now going to shut down its extortion business. The scary part, however, is its statement that it will be offering its malicious services as ‘Open Source RaaS (Ransomware-as-a-Service)’. That means it will be offering services to anyone who wishes to develop their own cyber attack product based on the Babuk gang’s product.

This is a very dangerous precedent for a threat group to set. By offering its RaaS services in this way, the group intends to increase the overall number of threat actors in the cyber crime world.


What is RaaS (Ransomware-as-a-Service)?

With damages from cyber crime expected to reach $6 trillion this year, ransomware is anticipated to play a big role in that total. Like any other cloud service, RaaS (Ransomware-as-a-Service) is based on a software subscription model.

The worrying fact is that it has now become a go-to tool for beginner threat actors, because the ease with which the service can be obtained allows rookie malicious actors to launch ransomware attacks easily and frequently.

The RaaS model works like any other legitimate service. The affiliates who use the service are given identifier codes so that commissions can be distributed to them, and the service providers are mostly professional programmers looking to earn some extra money.

A Short But Successful Run

Babuk came to the fore at the start of 2021 and has targeted a number of victims across the variety of verticals mentioned above. The group demanded ransoms between $60000 and $85000. It is worth mentioning that the Babuk gang has also stated in one of its public declarations that it had been operating since October 2020. However, it is still unclear exactly how many victims were targeted by this cyber criminal group.

In one of its articles, ThreatPost revealed that the Babuk group taunts its victims for their mistakes, and published the details of an email from Cymulate CTO Avihai Ben-Yossef.

“The Babuk gang highlighted the key problem that all organizations face when confronting threats, and that is speed,” he said. “In the note to the D.C. Police or MPD, they wrote ‘we find 0 day before you’. 

This is unfortunately true, but it doesn’t even have to be a zero day. The time it takes for known vulnerabilities to get patched on all systems is too long. Defenders that rely on manual security testing methodologies are unable to match the pace of threat actors in finding security gaps and fixing them.”

Ransomware Attack Recovery and Prevention

Ransomware attack recovery and prevention involves various steps at the individual and organizational levels. Some of these are mentioned below:

  1. Security Awareness: More often than not, an employee who is aware of his cyber security responsibilities and of the threats he faces is less likely to be the origin of a ransomware attack. Generating this awareness should be the responsibility of the organization, which has various tools at its disposal. Cyber security awareness tools like ThreatCop provide an engaging and effective way to impart cyber security knowledge and training, using a combination of simulation campaigns and a large library of awareness content.

  2. Multi Factor Authentication (MFA): MFA provides an extra layer of protection against unauthorized access to a system by an intruder. This is accomplished through SMS or email token authentication, which also alerts the user to attempts at unwarranted access to his email.

  3. Incident Response Tools: Ransomware attacks delivered through email can be detected early and eliminated with incident response tools like Threat Alert Button (TAB), which helps remove malicious phishing emails from the inboxes of the organization’s employees.

  4. Checking the link destination: At an individual level, employees should hover over a link to check its destination before clicking it. Any suspicion about where the link actually leads should be enough to report it.

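Item 4 above asks employees to compare where a link says it goes with where it actually goes. The Python script below, added here as an example and not part of the original article or of any product it mentions, automates that comparison over an HTML email body: it parses every anchor, compares the host named in the visible link text with the host in the href, and flags two destination patterns that deserve a second look before anyone clicks. The sample email body, its hostnames and the IP address in it are constructed for this example.

```python
"""Automate the "hover over the link" check over an HTML email body (added example)."""
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Visible link text that itself looks like a URL or a bare domain name.
URL_LIKE = re.compile(r"^(https?://)?(www\.)?[a-z0-9-]+(\.[a-z0-9-]+)+(/\S*)?$", re.I)


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every anchor in an HTML fragment."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None   # href of the anchor currently being read, if any
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Lowercase hostname of a URL (scheme added if missing); '' when there is none."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower()


def check_link(href, text):
    """Return the reasons a link deserves a closer look; an empty list means nothing odd."""
    reasons = []
    parts = urlsplit(href if "://" in href else "http://" + href)
    dest = (parts.hostname or "").lower()

    # 1. Visible text looks like a URL but names a different host than the real destination.
    if URL_LIKE.match(text):
        shown = host_of(text)
        if shown != dest:
            reasons.append(f"visible text points to {shown!r} but the link goes to {dest!r}")

    # 2. Credentials-style '@': everything before it is decoration, the host comes after it.
    if "@" in parts.netloc:
        reasons.append("'@' in the URL hides the real host behind a fake one")

    # 3. Destination is a bare IP address rather than a hostname.
    try:
        ipaddress.ip_address(dest)
        reasons.append("destination is a bare IP address")
    except ValueError:
        pass

    return reasons


def scan_email_html(html):
    """Return [(href, visible text, [reasons])] for every link that trips a check."""
    collector = _LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        reasons = check_link(href, text)
        if reasons:
            findings.append((href, text, reasons))
    return findings


# Constructed sample email body (hostnames and IP address invented for this example).
SAMPLE_EMAIL_HTML = """
<p>Your mailbox is almost full.</p>
<p>Review your quota at <a href="https://mail.example.com/quota">https://mail.example.com/quota</a>.</p>
<p>Or sign in at <a href="http://mail-example-verify.example.net/login">https://mail.example.com/login</a>.</p>
<p>Questions? <a href="https://helpdesk.example.com/">contact the help desk</a>.</p>
<p>Or use the <a href="http://mail.example.com@203.0.113.5/">secure portal</a>.</p>
"""

if __name__ == "__main__":
    for href, text, reasons in scan_email_html(SAMPLE_EMAIL_HTML):
        print(f"{text!r} -> {href}")
        for reason in reasons:
            print(f"    - {reason}")
```

Run as a script, it reports the second and fourth links of the sample and leaves the two honest ones alone. The checks are deliberately narrow: a link whose visible text is plain words ("contact the help desk") is not judged at all, since there is nothing to compare, which is exactly the case where the hover check in item 4 still depends on the employee reading the real destination.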

Ransomware is evolving and becoming even more virulent and potent. New methods like RaaS and increasingly technical toolkits have made ransomware a very advanced cyber attack vector. It is now up to organizations to ensure that they do not fall prey to this ever evolving attack vector, and to be proactive in securing their systems against cyber threats as a whole. That requires a mix of awareness and modern technology.
