# Babyk Ransomware won't hit charities, unless they support LGBT, BLM **[bleepingcomputer.com/news/security/babyk-ransomware-wont-hit-charities-unless-they-support-lgbt-blm/](https://www.bleepingcomputer.com/news/security/babyk-ransomware-wont-hit-charities-unless-they-support-lgbt-blm/)** Lawrence Abrams By [Lawrence Abrams](https://www.bleepingcomputer.com/author/lawrence-abrams/) February 2, 2021 02:02 PM 3 ----- The Babyk ransomware operation has launched a new data leak site used to publish victim's stolen data as part of a double extortion strategy. Included is a list of targets they wont attack with some exclusions that definitely stand out. [In 2019, the Maze ransomware operation introduced a new double-extortion strategy of](https://www.bleepingcomputer.com/news/security/maze-ransomware-not-getting-paid-leaks-data-left-and-right/) [stealing unencrypted files and then threatening to publicly release them on data leak sites if](https://www.bleepingcomputer.com/news/security/list-of-ransomware-that-leaks-victims-stolen-files-if-not-paid/) a ransom is not paid. Soon after, other ransomware gangs adopted this strategy until it has become a popular method for threat actors to extort their victims. ## Babyk launches a data leak site Babyk ransomware, also known as Babuk, is a new ransomware operation that launched at the beginning of the year and has been targeting enterprise organizations worlwide. When first launched, the ransomware gang was leaking their data in posts on the 'Raid Forums' hacking forum but had stated that they planned on launching a dedicated leak site. Emsisoft security researcher Brett Callow shared a new site recently created by the Babyk Ransomware group where they are currently listing four victims, and the leaked data for three of them. ----- **LockBit data leak site** Included on the data leak site is a list of organizations that they will not encrypt, which includes hospitals, non-profits, schools, and small businesses. ----- **Organizations that won't be attacked** For each of these categories, the ransomware gangs lists the following exclusions: We do not audit next categories of organizations Hospitals: except private plastic surgery clinics, private dental clinics Non-Profit: Any non-profitable charitable foundation (except the foundations who help LGBT and BLM) Schools: except the major universities Small Business: Companies with annual revenue less than 4 mln$ (info about revenue we take from zoominfo) BleepingComputer has seen exclusion in the past for healthcare and what ransomware actors call "socially vital" services, such as 911, shelters, and nursing homes. The exclusions for non-profits is the first time BleepingComputer has seen personal opinions dictate whether a ransomware operation will encrypt an organization. ----- With the release of Babuk s site, there are now a total of ninteeen active ransomware data leak sites used in the double extortion tactic. ### Related Articles: [Industrial Spy data extortion market gets into the ransomware game](https://www.bleepingcomputer.com/news/security/industrial-spy-data-extortion-market-gets-into-the-ransomware-game/) [New ‘Cheers’ Linux ransomware targets VMware ESXi servers](https://www.bleepingcomputer.com/news/security/new-cheers-linux-ransomware-targets-vmware-esxi-servers/) [Quantum ransomware seen deployed in rapid network attacks](https://www.bleepingcomputer.com/news/security/quantum-ransomware-seen-deployed-in-rapid-network-attacks/) [Snap-on discloses data breach claimed by Conti ransomware gang](https://www.bleepingcomputer.com/news/security/snap-on-discloses-data-breach-claimed-by-conti-ransomware-gang/) [Shutterfly discloses data breach after Conti ransomware attack](https://www.bleepingcomputer.com/news/security/shutterfly-discloses-data-breach-after-conti-ransomware-attack/) [Babuk Locker](https://www.bleepingcomputer.com/tag/babuk-locker/) [Babyk](https://www.bleepingcomputer.com/tag/babyk/) [Data Exfiltration](https://www.bleepingcomputer.com/tag/data-exfiltration/) [Data Leak](https://www.bleepingcomputer.com/tag/data-leak/) [Double-Extortion](https://www.bleepingcomputer.com/tag/double-extortion/) [Ransomware](https://www.bleepingcomputer.com/tag/ransomware/) [Lawrence Abrams](https://www.bleepingcomputer.com/author/lawrence-abrams/) Lawrence Abrams is the owner and Editor in Chief of BleepingComputer.com. Lawrence's area of expertise includes Windows, malware removal, and computer forensics. Lawrence Abrams is a co-author of the Winternals Defragmentation, Recovery, and Administration Field Guide and the technical editor for Rootkits for Dummies. [Previous Article](https://www.bleepingcomputer.com/news/security/microsoft-defender-now-detects-macos-system-app-vulnerabilities/) [Next Article](https://www.bleepingcomputer.com/news/security/us-federal-payroll-agency-hacked-using-solarwinds-software-flaw/) ### Comments [buddy215 - 1 year ago](https://www.bleepingcomputer.com/forums/u/64042/buddy215/)

(except the foundations who help LGBT and BLM) Imagine that...those criminals have the same principles and ethics as those who attempted to find and hang Pence and other pols during the attempted coup on January 6 at Trump's command.

----- [lovalim - 7 months ago](https://www.bleepingcomputer.com/forums/u/1068947/lovalim/) babyk belongs to which ransomware family [Lawrence Abrams - 7 months ago](https://www.bleepingcomputer.com/author/lawrence-abrams/) Babyk/Babuk is its own family. Post a Comment [Community Rules](https://www.bleepingcomputer.com/posting-guidelines/) You need to login in order to post a comment [Not a member yet? Register Now](https://www.bleepingcomputer.com/forums/index.php?app=core&module=global§ion=register) ### You may also like: -----