'Pen-Tested' by a Hacker: What to Believe
When actors from the Babuk ransomware gang announced the start of their operations on underground forums in 2021, they advertised their services as special software to “show the security issues inside corporate networks.”
As the ransomware-as-a-service (RaaS) landscape has exploded during the past three years, more and more groups have taken a similar position to the Babuk gang, framing themselves as “penetration testers” and promising victims a comprehensive security report if they pay the ransom demand. Failing to pay the ransom, though, would result in public disclosure of the vulnerabilities, effectively leaving the company wide open to attack.