Security News > 2021 > April > Babuk quits ransomware encryption, focuses on data-theft extortion
A new message today from the operators of Babuk ransomware clarifies that the gang has decided to close the affiliate program and move to an extortion model that does not rely on encrypting victim computers.
The gang seems to have chosen a road different from the ransomware-as-a-business model, where the hackers steal data before deploying the encryption stage, as leverage in negotiations for the ransom payment.
"Babuk changes direction, we no longer encrypt information on networks, we will get to you and take your data, we will notify you about it if you do not get in touch we make an announcement" - Babuk ransomware.
Exfiltrating data for higher ransom demands is a practice that Maze ransomware started in November 2019.
In today's message Babuk ransomware says that despite being a new team on the ransomware scene, they already are well-known in the business because they have "The best pentesters of dark net."
The advantages of this extortion business for Babuk remain unknown at the moment but the gang would need to exfiltrate larger quantities of data than in the case of encryption.