Babuk Tortilla Ransomware Dev Arrested In Amsterdam
Read also: The US charges admins, sellers and buyers linked to xDedic, a ShinyHunters hacker gets 3 yers in prison, and more.
Thursday, January 11, 2024
Dutch police arrest a hacker behind the Babuk Tortilla ransomware variant
The Dutch police apprehended an individual in Amsterdam suspected of creating and operating the Babuk Tortilla ransomware variant.
The suspect was identified following a tip from the Cisco Talos threat intelligence team. Following the arrest, the authorities obtained the private decryption keys, which they shared with Cisco Talos and Avast.
The keys were intergated in an updated version of the Babuk ransomware decryptor to help Tortilla victims recover their files without paying a ransom. The tool is available for download through the Europol-run No More Ransom initiative.
At present, there’re no additional details regarding the identity of the hacker behind Babuk Tortilla operations or when they were arrested.
Request your free demo now and talk to our experts.
The US charges admins, sellers and buyers linked to the xDedic illicit market
The US Department of Justice announced the conclusion of a comprehensive investigation into the dark web marketplace 'xDedic,' responsible for trading stolen login credentials, access to compromised servers, and personally identifiable information (PII). The marketplace was shut down in 2019 following a collective effort involving law enforcement agencies from Europe and the United States.
Since the platform's demise, the US authorities have apprehended and charged 19 people linked to the operation and use of xDedic, including the administrators, buyers, and sellers. Key figures include Alexandru Habasescu and Pavlo Kharmanskyi, the lead developer and technical mastermind, and the advertiser and customer support provider, respectively. Habasescu and Kharmanskyi were sentenced to 41 and 30 months in prison, respectively.
Among those sentenced is Dariy Pankov, a Russian national known as “dpxaker,” who was one of the top sellers on xDedic. Pankov is also the creator of a brute-forcing tool called “NLBrute.” He was arrested in Georgia in October 2022, pleaded guilty in September 2023, and received a 60-month prison sentence.
Nigerian national Allen Levinson, described as a “prolific buyer,” received a 78-month prison sentence. Levinson utilized information obtained from hacked accounting firm servers to file false tax returns, attempting to defraud the US government of over $60 million. The remaining cybercriminals, hailing from Nigeria, the UK, the US, and Ukraine, received sentences ranging from probation to 6.5 years in prison. Five cybercriminals await sentencing at a later date.
BreachForums admin re-arrested after violating parole
The administrator of the notorious BreachForums hacking forum, Conor Fitzpatrick, is facing legal trouble for allegedly violating pretrial release conditions.
Fitzpatrick, also known online as ‘Pompompurin’, was arrested in New York on March 15, 2023. He was charged with operating the now-defunct BreachForums, one of the top cybercriminal sites used by hackers and ransomware groups.
Initially charged with the theft and sale of sensitive personal data, Fitzpatrick was released on a $300,000 bond the day after his arrest. The court had mandated multiple restrictions, including the prohibition from using computers without supervision, having no contact with minors, refraining from accessing platforms focused on stolen data and hacking without prior approval. Fitzpatrick was also barred from using identity-obfuscating tools such as virtual private networks (VPNs), the onion router (Tor), or proxies.
However, according to court documents, Fitzpatrick was re-arrested on January 2, 2023, for breaking the conditions of his pretrial release, namely, for the use of an unmonitored computer and a VPN.
A ShinyHunters hacker sentenced to three years in prison and $5M restitution
Sebastien Raoult, a member of the ShinyHackers hacking collective and a French citizen, has been handed a 3 year prison sentence in the US for his involvement in a widespread cybercrime operation. In addition to the prison sentence, he was ordered to pay $5 million in restitution.
Raoult was arrested in Morocco in 2022 and extradited to the US in January 2023. According to court documents, the hacker and his partners in crime hacked into corporate networks around the globe, aiming to steal confidential information and customer records, including personally identifiable information (PII) and financial data.
The co-conspirators created phishing websites mimicking legitimate businesses' login pages, through which they obtained the account credentials of company employees. Using the stolen credentials, hackers compromised accounts and exfiltrated sensitive information. The illegally obtained data was then sold on various Dark Web forums, including RaidForums, EmpireMarket, and Exploit.
Between April 2020 and July 2021, the criminals posted sales of compromised data from more than 60 companies. In some cases, the hackers thretened to leak or sell sensitive files if a ransom was not paid. The total impact of Raoult and his co-conspirators' actions resulted in the theft of hundreds of millions of customer records, causing estimated losses exceeding $6 million for the victim companies.
A Nigerian national gets 10 years in prison for laundering millions of dollars in scam proceeds
Olugbenga Lawal, a 33-year-old Nigerian national was sentenced to 10 years and one month in prison for the elaborate money laundering operation he participated in. He will also have to pay over $1.46 million in restitution.
Lawal was a member of the infamous Black Axe cybercrime syndicate and worked directly with the leader of the group. The schemes orchestrated by the criminal organization ranged from romance fraud to business email compromise (BEC), with a particular focus on targeting elderly victims. Lawal was tasked with laundering proceeds obtained via fraudulent activities.
Lawal, who controlled several accounts, received at least $3.6 million in deposits, distributed across seven different bank accounts in his name or under the guise of his company. Together with co-conspirators, he laundered millions of dollars stolen in BEC and romance scams between January 2019 and June 2020.
In a separate case, a US court sentenced a Maryland resident, Whitney Adams, to 48 months in prison for laundering money for fraudsters who engaged in various cyber scams, including romance fraud.
What’s next:
- Join our upcoming webinars
- Follow ImmuniWeb on Twitter, LinkedIn and Telegram
- Explore 20 use cases how ImmuniWeb can help
- Browse open positions to join our great Team
- See the benefits of our partner program
- Request a demo, quote or special price
- Subscribe to our newsletter
The award-winning ImmuniWeb® AI Platform helps over 1,000 customers from over 50 countries to test, secure and protect their web and mobile applications, cloud and network infrastructure, to prevent supply chain attacks and data breaches, and to comply with regulatory requirements. 
