- The Houston Rockets were compromised by “Babuk,” and 500 GB of data was allegedly stolen.
- The NBA team is still investigating the incident, but the website and services remain up.
- The actors claim to hold customer details, NDA documents, and contracts.
The ransomware group known as “Babuk” has added the Houston Rockets to its victim list, warning about the imminent leak of 500 GB of stolen data if its payment demands aren’t met. The threat actors present screenshots of the exfiltrated files as proof of possession, showing what appears to be contracts, non-disclosure agreements, customer information, employee information, financial data, and other material. With the help of KELA, we were able to source the following screenshot from Babuk’s leak portal.
The NBA team didn’t "play games" with the news and immediately admitted the incident, saying that it detected suspicious activity on certain systems in its internal network. An investigation is underway with the help of third-party experts, and the Houston Rockets administration promised to notify fans or any individual who is confirmed as impacted.
The Houston Rockets website is up, and everything seems to be working as expected, so there’s no impact on operations. The issue remains the exfiltration of the sensitive data and the possibility of Babuk having the personal details of a large number of fans. Considering that NBA games are held without fans or at 12% of the total capacity in some cases, the data stolen by Babuk must not be very fresh, at least the part concerning ticket purchases and the like.
Researchers at McAfee have been following Babuk closely since their appearance at the start of 2021 and have confirmed that the actors received a payment of $85,000 recently. This is an unsophisticated group of ransomware distributors who are mostly targeting entities based in Italy, Spain, and the United Arab Emirates. The codebase of Babuk is highly similar to Vasa Locker’s, and the threat actors are compromising an average of 10 entities per month.
The actors aren’t excluding anyone based on language checks, an exclusion that is typical of Russian actors, and they have expressed themselves negatively against the BlackLivesMatter movement as well as the LGBT communities. Even though the Rockets have taken a side on the matter, like virtually every other team in the league, we doubt that Babuk’s motive had any relevance to that element.