Skip to main content

Ransomwhere.org

Dashboard Live Map About Feed Groups

Payments TTPs Identify News API

LIVE

Ransomwhere.org

Real-time ransomware intelligence platform. Tracking threat actors, victims, and payments to raise awareness and help defend against ransomware attacks worldwide.

Platform

Live Map
Latest Victims
Groups
Payments
Identify
News

Resources

Data & Methodology
API Docs
RSS Feed
About
Privacy Policy
Terms of Service
NoMoreRansom
Ransomware.live
CISA Advisories

For informational purposes only.

© 2026 Ransomwhere.org

Groups/babuk

// group profile

babuk

Inactive

Babuk Ransomware is a sophisticated ransomware compiled for several platforms. Windows and ARM for Linux are the most used compiled versions, but ESX and a 32bit old PE executable were observed over time. as well It uses an Elliptic Curve Algorithm (Montgomery Algorithm) to build the encryption keys.

8

Victims

1

Sites

Victims (8)

Live

4murs.com

babukFrance

Arabian Computer Supplies co.

spsr-law.com

E.A. Gibson Shipbrokers

BridgeMill Athletic Club

babukUnited States

Washington DC Metropolitan Police Department

babukUnited States

Houston Rockets NBA Team

babukUnited States

Serco

babukUnited Kingdom

Known Leak Sites

nq4zyac4ukl4tykmidbzgdlvaboqeqsemkp4t35bzvjeve6zm2lqcjid.onionDLS

Top Targeted Countries

United States3

France1

United Kingdom1

MITRE ATT&CK

T1486Data Encrypted for Impact

Uses ChaCha8 and ECDH encryption

T1490Inhibit System Recovery

Deletes shadow copies

T1489Service Stop

Terminates services and processes

T1021.004SSH

Targets ESXi hypervisors via SSH

Activity

Total victims8

Countries affected3

Last seenNo recent activity

Explore

Ransomware NewsRelated articles

Check DecryptorsFree tools

Payment DataRansom tracking

MITRE ATT&CKTechniques

Live MapGlobal view

Source: ransomware.live|Refreshes every 5 min