Date: 2021-04-26

F-Secure offer comment on Babuk ransomware attack on DC Police Department

April 2021 by Calvin Gan, Senior Manager, Tactical Defense Unit at F-Secure

“Babuk ransomware is relatively new and is likely trying to make a name for themselves. They have been demanding a relatively low ransom amount and researchers from Emsisoft have even discovered severe bugs in their decryptor. Releasing a bold statement such as this to challenge the authorities could be seen as an amateur move, but it now gives them added credibility especially when the breach has been confirmed by the organization themselves.

The incident goes on to remind us that no one organization is safe from being targeted. As long as there’s data that could allow threat actors financial gain, they will continue changing their tactics to force an organization into the corner and into eventually paying up. Therefore, it is increasingly important to have a response plan in place and tested, so that it can be activated anytime a breach occurs.

With workers moving to remote work, the line between physical world crime and cyber crime is becoming blurred. Cyber crime is probably a more lucrative market now that more data is being uploaded and transported across the Internet. Ransomware groups are not going to stop and will continue seizing opportunities. With that, authorities along with the cyber security community could cross-collaborate when it comes to identifying, tracking and eventually taking these threat actors down. After all, it is all about protecting the users and society”.

Matt Lawrence, Director of Detection and Response:

“In recent years, human operated ransomware has become a prevalent and impactful threat to organizations worldwide. While the COVID pandemic brought many businesses to a halt in 2020, increasing numbers of ransomware actors began stealing data and threatening to leak it in addition to encrypting it during their attacks. The reason ransomware operators steal data before they encrypt it is so that they can threaten to leak it in order to exert more pressure on victims to pay ransoms. A proactive approach is essential to prepare for compromise and all organizations should consider the steps necessary to enable a more agile, responsive and effective defensive posture before it’s too late”.