Ransomware Group: BABUK

VICTIM NAME: www[.]avantit[.]no

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the BABUK Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The leak page related to the victim, identified as Avant IT, reveals a significant data breach involving their digital assets. The page contains a detailed hash list linked to several internal accounts and servers, which may indicate compromised credentials. These hashes represent possible access points to sensitive information, posing substantial risks to the organization’s security. The posted information also mentions a countdown for contacting the attackers, with a strict 3-day limit imposed to negotiate before they proceed with public exposure of the sensitive source code. The presence of such demands reflects a typical tactic employed by ransomware operators to hasten negotiations.

Avant IT operates within the technology sector, focusing on tailored IT operations, software development, and integrated solutions primarily in the Nordic region. The company highlights its partnerships with Microsoft and HP, indicating a robust engagement in creating comprehensive technological solutions, including document management systems. The leak not only compromises internal security but threatens the operational integrity and reputation of Avant IT’s partnerships across various industries. While images may accompany this leak, the specifics concerning their content align with general cybersecurity vulnerability illustrations. Notably, the leak page does not provide direct download links to the information disclosed, suggesting the attackers aim to pressure the victim into compliance rather than facilitate easy extraction of data.