
Babuk2 Ransomware Issuing Fake Extortion Demands With Data from Old Breaches

The Babuk2 ransomware group has been caught issuing extortion demands based on false claims and recycled data from previous breaches.

This revelation comes from recent investigations conducted by the Halcyon RISE Team, shedding light on a concerning trend in the world of cybercrime.

The Babuk2 group, also known as Babuk-Bjorka, has been making waves with public announcements of numerous attacks.

However, these claims have not been corroborated by third parties or the alleged victims, raising suspicions about the authenticity of these incidents.

Halcyon analysts identified that the group appears to be leveraging data from earlier breaches to support their extortion claims.

Many of the purported victims were previously targeted by other ransomware groups such as RansomHub, FunkSec, LockBit, and even the original Babuk team.

What makes this situation particularly alarming is the lack of evidence supporting any new, live ransomware encryption or fresh network intrusions.

The Halcyon RISE Team’s analysis suggests that the data being used is recycled from past incidents, despite Babuk2’s claims of conducting multiple attacks in early 2025.

The Deceptive Nature of Babuk2’s Operations

The Babuk2 operation seems to be capitalizing on the notoriety of the original Babuk ransomware, which was active in 2021.

By using the Babuk name, the group aims to establish credibility in the cybercriminal underworld.

The administrator, known as Bjorka, has been active on various forums and Telegram, with a history of involvement in other data breaches and extortion attempts.

This tactic of issuing fake extortion demands poses significant risks to businesses, both financially and reputationally.

Even if the attack claims are false, the mere threat can pressure organizations into paying ransoms or investing in unnecessary remediation measures.

This shows the critical importance of due diligence and independent verification of any reported network intrusion before an organization responds to an extortion demand.

The high-profile nature of some of Babuk2’s claims, including an alleged significant incident targeting Indian military and government data, necessitates heightened vigilance among decision-makers and cybersecurity professionals.

As the cybersecurity landscape continues to evolve, it’s crucial for organizations to stay informed and consult with experts to accurately interpret and respond to such threats.

The Babuk2 case serves as a stark reminder of the deceptive tactics employed by cybercriminals and the need for robust verification processes in the face of extortion attempts.


The post Babuk2 Ransomware Issuing Fake Extortion Demands With Data from Old Breaches appeared first on Cyber Security News.

rssfeeds-admin
