Babuk2 Ransomware Issuing Fake Extortion Demands With Data from Old Breaches

The Babuk2 ransomware group has been caught issuing extortion demands based on false claims and recycled data from previous breaches.
This revelation comes from recent investigations conducted by the Halcyon RISE Team, shedding light on a concerning trend in the world of cybercrime.
The Babuk2 group, also known as Babuk-Bjorka, has been making waves with public announcements of numerous attacks.
However, these claims have not been corroborated by third parties or the alleged victims, raising suspicions about the authenticity of these incidents.
Halcyon analysts identified that the group appears to be leveraging data from earlier breaches to support their extortion claims.
Many of the purported victims were previously targeted by other ransomware groups such as RansomHub, FunkSec, LockBit, and even the original Babuk team.
What makes this situation particularly alarming is the lack of evidence supporting any new, live ransomware encryption or fresh network intrusions.
The Halcyon RISE Team’s analysis suggests that the data being used is recycled from past incidents, despite Babuk2’s claims of conducting multiple attacks in early 2025.

The Deceptive Nature of Babuk2’s Operations

The Babuk2 operation seems to be capitalizing on the notoriety of the original Babuk ransomware, which was active in 2021.
By using the Babuk name, the group aims to establish credibility in the cybercriminal underworld.
The administrator, known as Bjorka, has been active on various forums and Telegram, with a history of involvement in other data breaches and extortion attempts.
This tactic of issuing fake extortion demands poses significant risks to businesses, both financially and reputationally.
Even if the attack claims are false, the mere threat can pressure organizations into paying ransoms or investing in unnecessary remediation measures.
This underscores the critical importance of due diligence and independent verification of any reported network intrusion.
The high-profile nature of some of Babuk2’s claims, including an alleged significant incident targeting Indian military and government data, necessitates heightened vigilance among decision-makers and cybersecurity professionals.
As the cybersecurity landscape continues to evolve, it’s crucial for organizations to stay informed and consult with experts to accurately interpret and respond to such threats.
The Babuk2 case serves as a stark reminder of the deceptive tactics employed by cybercriminals and the need for robust verification processes in the face of extortion attempts.