Ransomware hackers infect military contractors’ systems; US Army secrets exposed

Ransomware remains one of the main information security issues worldwide. This time, cybersecurity experts confirmed that operators of the dangerous Babuk ransomware variant (also known as Babyk) managed to steal and leak more than 700 GB of confidential information from one of the major U.S. military contractors.

As you may remember, ransomware is a malicious software variant that infects the target system and displays messages demanding payment of a ransom to restore the operation of the system. The payment demanded by hackers must be made through a transfer of cryptocurrency such as Bitcoin, Ethereum or other popular options.

The report, published by DarkTracer via Twitter, mentions that the affected company develops armament control technology and auxiliary equipment for the U.S. Air Force, Navy, and Special Operations Command.

Early reports indicate that threat actors used a dark web platform to publish stolen information, including sensitive details such as military protocols, confidentiality agreements, and private data from customers and employees. It should be noted that the Babuk ransomware has been active since at least the beginning of 2021.

Like other similar operations, Babyk hackers created a page on the dark web to publish some of the compromised data, mainly as a way to force ransom payment. However, experts report that the ransomware operators also published a list of companies and organizations potentially linked to this company, as well as other companies that could be attacked in the future, including some non-governmental organizations close to the LGBT community and the Black Lives Matter movement. So far, neither the amount demanded by the attackers nor whether the company has decided to pay the ransom is known.
