The Babuk2 ransomware group has been caught issuing extortion demands based on false claims and recycled data from previous breaches.
This revelation comes from recent investigations conducted by the Halcyon RISE Team, shedding light on a concerning trend in the world of cybercrime.
The Babuk2 group, also known as Babuk-Bjorka, has been making waves with public announcements of numerous attacks.
However, these claims have not been corroborated by third parties or the alleged victims, raising suspicions about the authenticity of these incidents.
Halcyon analysts identified that the group appears to be leveraging data from earlier breaches to support their extortion claims.
Many of the purported victims were previously targeted by other ransomware groups such as RansomHub, FunkSec, LockBit, and even the original Babuk team.
What makes this situation particularly alarming is the lack of evidence supporting any new, live ransomware encryption or fresh network intrusions.
The Halcyon RISE Team’s analysis suggests that the data being used is recycled from past incidents, despite Babuk2’s claims of conducting multiple attacks in early 2025.
The Babuk2 operation seems to be capitalizing on the notoriety of the original Babuk ransomware, which was active in 2021.
By using the Babuk name, the group aims to establish credibility in the cybercriminal underworld.
The administrator, known as Bjorka, has been active on various forums and ...
Thailand's Securities and Exchange Commission (SEC) has launched legal action against prominent doctor Boon Vanasin, filing a criminal complaint with the Economic Crime Suppression Division (ECD) ...