
Unlike usual Mondays, last Monday was fun – a manic Monday, I’d say. We woke up to our Ransomlooker, a tool exclusively developed by Cybernews to monitor the dark web, flashing like crazy.
What was going on? It kept alerting us to new victims. And they were huge ones, with Chinese brands like Pinduoduo and Taobao, and French telecom operator Orange among them.
Besides being top brands used by hundreds of millions of customers worldwide, they had something else in common – the abuser. All of the companies mentioned as victims on the data leak site were claimed by Babuk, one of the most notorious ransomware-as-a-service gangs.
Babuk was active a few years ago before disappearing in 2021. Then, in January 2025, it came back with a bang, listing 64 victims in just two days. However, it seems like the return of Babuk, or “Babuk 2,” is nothing but a scam.
I just loved the way Mathew J. Schwartz, a writer for the publisher ISMG, put it:
“It never hurts to be reminded: ransomware hackers are lying liars who continue to lie.”
And it’s not only cybersecurity pundits who didn’t buy Babuk’s latest spree. Other crooks also got annoyed by these claims.
Cybernews received a letter from someone claiming to be Funksec, a threat actor responsible for some of the actual breaches claimed by Babuk 2.
“Orange you mention was from HellCat and most from us. the thing were this guy was broke and asked us for some money I ain't gave him any and he is scamming world just infrom u before they exit-scam,” an unedited email reads.
By the end of the week, Babuk started claiming even bigger victims, including Amazon, HSBC, Delta, HP, and Westinghouse.

By claiming other crooks’ work, has whoever is behind this Babuk 2 data leak site crossed a line? Is that even possible?
Ransomware gangs function in very, I’d say, conventional business-like ways most of the time. However, given they are operating outside of the law, some of their moves are bold and crazy. Desperate may be a better word to describe it.
One ransomware gang, OX Thief, recently threatened to release 47GB of “highly sensitive files” unless a ransom was paid.
Reputation damage, negative press, costly recovery, and hefty fines are all potential consequences of a ransomware attack. However, OX Thief decided to add a few to that list. They said they’d inform famous cybersecurity journalist Brian Krebs, Have I Been Pwned founder Troy Hunt, and even the famous whistleblower Edward Snowden if the ransom wasn't paid.
Speaking of lows, it turns out that crooks also breached sperm bank Cryobank, which is one of the largest reproductive tissue banks in the world, exposing extremely vulnerable groups of people. Unless you actually want to meet your so-called donor siblings or have dozens of your biological kids come knocking on your door, you’d probably want that information properly secured.
That is, assuming your data can remain secure once you give it away. 23andMe, a major DNA-testing company, is now filing for bankruptcy. This means that customer data will now change hands. That’s on top of the notorious data breach of 2023, which deepened the firm’s financial distress.