Thank you for deep diving into these data dumps and risking getting on the bad side of KZbin in order to raise awareness John. Truth be told most of these organisations most likely have very little idea to what extent they have been compromised and what types of data has been stolen from their systems.

Off-limit entities, rules, and pretending to be a professional IT service....... The mental gymnastics this group is going through to attempt to morally justify their behavior is next level.

for those who don’t know Babuk is defunct afaik, one of their developers first leaked their builder, & then leaked the src to the ransomware. Fun fact: Babuk is the second fastest ransomware behind Lockbit.

As usual, amazing content John. Thank you.

I saw you at Blackhat! I was working as one of the conference associate team leads and couldn't step away 😥

Interesting series. I've been enjoying these.

Love your videos, keep it up.

Feds to John - Why are you visiting the Dark Web 👮? John - For educational, historic and scientific purposes Feds - Alright, have a nice day

This series is so interesting, thanks for sharing this! You're a cyberhero, John

The term "audit" cracks me up. We are not stealing we are auditing.

just like everyone else in the comment section - great work - thanks for your time John

You should totally go in Jack Rhysider's Darknet Diaries podcast. You're my hero!

Thank you for drilling down into this for us, was very informative

I've really been enjoying this series. You should team up with the mob reporter for one of these haha

I can get and to a degree respect the notion of "Hey we dont target these X targets, it crosses my personal moral barrier" (which if you dont believe, do you think every thief is willing to commit murder? Most criminals are still going to have that ceiling for how much harm theyre willing to commit and that ceiling is gunna vary from person to person). But oh boy that about us is such a weird mix of gaslighting and copium lol Its gotta be a joke that they just think its funny to couch things in that language.

Hi John. I’m work as a cybersecurity specialist for an organization here in the U.S. Out of curiosity, where do you get your sources to find sites like these? They may come in handy for future research.

From 36k to nearly 500k sub you're amazing man

Loved it. Always insightful.

That was great, more of those, please!

Great insight

quick technical question: They say they use symmetric encryption. I am somewhat confused about that, wouldn't it make more sense for a ransomware to use asymmetric keys? If my understanding is right, with a symmetric key, the same key used for encryption could be used for decryption, this doesn't defeat the purpose of the whole attack, since theoretically the key could be extracted from the ransomware executable?

Such a good people. Non-malicious activity and out of a good heart for sure

"Don't feel good about this" - while uploading this to youtube for all to see.

Thank you John 😊

Nice content!

John has discovered that videos about the dark web have more visits

Where can I find the other 8 video's? Is there a playlist for this?

One interesting thing I picked up quickly was the views number. They are all suspiciously similar. I suspect they are fake. Not the most important information or takeaway from this but thought I'd point this out as another pin in the list of dodgy things you can pick up from just looking at the sites.

KEEP GOING BRO

I always sit and wonder if the people from Anonymous, Babuk or other groups might be watching these videos, chuckling to themselves in a dark room with a singular desk lamp on and their hood up 🤣

Hello, I know it's not on topic, but in Ur old videos (atleast those are what im watching) You always say, "well that's how it is on linux, and if U're not on linux You should wonder why You aren't." And it really made me wonder what's the difference in everyday life usage? if we dont count executable like playing games and maybe being the real owner of OS/PC, that just leaves us with different libraries for programming? I really am curious, because there's defienietly something that im missing, would much appreciate, a link to a video explaining (if one as such exists) or just a reply. Anyway Thanks a lot for the content U have made in the past and probably future, once I get to that point :- D

12:35 that text right there is based

Just think what going to be further…. 🤔

hey my brother , thank you first of all , and ll have fews question for you if u have times ... let me know .. im definetely better in french or spanish but lm able to talk with u in your language sorry if ll look weird . thank u again.

Best series

You could try hashing things like the date or the name of the effected company and see if you can produce the same hash and then enumerate with a wordlist of known victims of babuk / iterate the date

Thanks👍

My question is, how do you find these websites?

5:36, got it, they threaten stochastic cyber attacks under ransom.

good video

Sinister folks

Just by reading their text I can tell that someone russian wrote it lmao

The name reminds me of Babadook, spooky, haha

600,000+ views is disturbing

It's always nicer when someone who is stabbing you out of nowhere tell you : "Good day, do you want to buy this bandage for me ? You are welcome" :) By the way it did say "penetration of the entity Elon Musk" right ?

Greate job

Quite the predicament to end up in. Do you pay with whatever good faith you can scrounge together for this extortion ? Do you ignore it and hope it’s not real? Do you assume it’s already been leaked and it’s a loss loss ? None of these outcomes are good

Pronounce like BabUk with hard U. Russian transcription = Бабук.

Is their any way to decrypt RSA SALSA20 encrypted files?

Mr. John

babuk! I haven't been able to ask anyone 😂😂

Crimes have different severity associated. I do think its respectable and seen as less "evil" if they don't do it to hospitals or non-profit institutions. I understand why you smirked and frowned upon these supposedly "ethical" boundaries, but give it a second thought, its not about them thinking that its "alright to do it to big companies", its them thinking that it's worse if they do it to those who're helping society in a more direct way.

Certainly non kosher

Am i shadow banned here? 😨

Too early

*Shivers* I do believe we in the community should "audit" groups like babuk and encrypt their crap. Or fry their gear. I prefer the Fry option.

Sounds like ransom for me 😂😂😂

2nd :D

noice

3Rd

fifth :)

First :D

Here's a business plan. Pwn zoominfo, exfil the website access logs, see who's looking up xyz company that's just been ransomed, grab the perp's IP (these groups are shit so probably bad opsec), blackmail the perps, profit.