Serco Affirms Babuk Ransomware Attack

 

Outsourcing giant Serco has affirmed that parts of its infrastructure in mainland Europe have been hit by a double extortion ransomware assault from the new Babuk group, however, the parts of its operation relating to the NHS Test and Trace program are unaffected. “Serco’s mainland European business has been subject to a cyber-attack,” a Serco representative said. “The attack was isolated to our continental European business, which accounts for less than 3% of our overall business. It has not impacted our other business or operations.” 

The incident comes after security firms and insurers progressively have stressed that digital extortionists gain from other assailants' techniques, outsource a portion of their operations and depend on connections to infiltrate victim networks. Albeit the NHS Test and Trace program was unaffected by the incident, ThreatConnect EMEA vice-president Miles Tappin said the vulnerabilities in Serco's wider systems were of incredible concern, and the Babuk assault uncovered “inherent weaknesses of the system”. 

“Like many actors new to the world of ransomware, the actor behind Babuk ransomware has been learning on the job while drawing insights from other criminal groups,” said Allan Liska, an intelligence analyst at the threat intelligence company Recorded Future. In the ransom note, Babuk's operators professed to have approached Serco's systems for three weeks and to have as of now exfiltrated a terabyte of information. The cybercriminals made explicit references to Serco partners, including Nato and the Belgian Army, and threatened Serco with consequences under the General Data Protection Regulation (GDPR). 

The attacker has demanded $60,000 to $85,000 in ransoms, however, that is “likely to increase over time as the threat actor becomes more experienced in ransomware operations,” as indicated by a private analysis from PricewaterhouseCoopers got by CyberScoop. Babuk is a long way from sophistication. Its code has contained mistakes that held it back from executing on some targeted computers, as indicated by PwC. “We assess that, due to a disregard for error checking, Babuk would fail to execute altogether in some environments,” the analysis says. 

However, while Babuk is as yet a moderately low-level threat to associations, as indicated by Liska, that could change on the off chance that they can bring in more cash from assaults and put resources into new capabilities.