Last Tuesday, Washington, DC’s Metropolitan Police Department (MPD) came forward with the news that its computer system had been hacked with ransomware developed by the Babuk hacker group, who threatened to leak 250 GB of confidential files.
The operators of Babuk ransomware have posted on their leak website that they have achieved their goal and will be quitting the extortion business, with plans to pass the torch by making their source code publicly available.
In a since-deleted message, titled “Hello World 2,” the group claimed that the MPD cyberattack was their last goal in what is assumed to be their campaign of exploiting cybersecurity vulnerabilities, but encouraged others to carry on their overall mission.
Babuk is a group that works on a ransomware-as-a-service (RaaS) business model. When most people hear about ransomware and viruses on their computer, they automatically assume them to be malicious, and so they avoid them or in some cases actively fight them.
However, RaaS works similarly to the software-as-a-service (SaaS) business model, where platforms like tech giant Google have access to many different servers based globally and offer websites to host the desired application for users.
Google is one of the most popular forms of web browsing, despite there being many other server providers. The biggest downfall of SaaS is that it is government regulated, so the collection of data is subject to state regulation depending on the location and access to global servers.
Malware carries a negative connotation because of its use in cyberattacks, even though it was originally intended as a tool to balance the use and mobility of the Advanced Research Projects Agency Network (ARPANET) for internet data collection. Essentially, malware works as an application to balance out the data control of software by alternating the programming language of different systems, and allowing users familiar with the basics of coding to better communicate with their devices.
Babuk is known to use one of the more basic forms of RaaS, which is the Elliptic-Curve Diffie-Hellman (ECDH) algorithm. This algorithm, though it appears intimidating, offers users the ability to have more control over who has access to the data available on their systems. The use of ECDH allows information to be passed between users over a public domain without the need for third-party SaaS-type interference.
Ransomware groups like Babuk usually target companies as a way of teaching lessons on the vulnerability of the programs being launched within their systems. Currently, many systems run the same generic software programs like Microsoft Windows because of its convenience. It becomes easy to forget there are other forms of accessing, storing, and sharing data on their computers.
The cyberattack on the MPD saw Babuk ransomware encrypt a variety of confidential files, including police and gang conflict reports, FBI arrest details, officer training and work histories, and polygraph results, among other documents.
Babuk ransomware was a short-lived cyberattack system that only emerged at the beginning of the year, but was able to actively pinpoint just how easy it is to access and control the data that many large tech companies use in the maintenance and updates of current and older devices.