Skip to main content

// group profile

babuk2

Inactive

Babuk Locker 2.0, also known as Bjorka or SkyWave, after failing to make any profit from selling public databases on forums, decided to impersonate Babuk Ransomware group. He launched a blog where he claimed multiple public breaches from BreachForums as ransomware attacks

180

Victims

4

Sites

Victims (180)

Live

tecnologias.mspz2.gob.ec

babuk2Ecuador

turkish defense military

babuk2Turkey

rheinmetall.com (Rheinmetall Defence)

babuk2Germany

gangotreehomes.com (RealEstate)

Secret plans of Indian army

Bangladesh Armed Forces (BangLadesh Army)

babuk2Bangladesh

Saudi Arabian military and government internal center

babuk2Saudi Arabia

Hellenic Airforce

babuk2Greece

ezbuy.sg (Singapore Shopping)

babuk2Singapore

Iran gas service system

kfar hatta medical center - Lebanon

babuk2Lebanon

Polizia italia mail access

zalora.sg (Singapore Shopping)

babuk2Singapore

ascires.com

aosense.com - AO Sense INC.

babuk2United States

dardoc.com

babuk2Denmark

navy-mil-bd

babuk2Bangladesh

drdo.gov.in

uniproof.com.br

babuk2Brazil

(UPDATE) - whitecapcanada.com

babuk2Canada

pln.co.id - PLN INDONESIA

babuk2Indonesia

moh.gov.rw

babuk2Rwanda

iDRAC (Integrated Dell Remote Access Controller) management interface for Dell servers

babuk2United States

elsoms.com

babuk2United Kingdom

brune.com.br - Group MC (conglomerate)

babuk2Brazil

Known Leak Sites

7dikawx73goypgfi4zyo5fcajxwb7agemmiwqax3p54aey4dwobcvcyd.onionDLS

212.24.99.211.DLS

bxwu33iefqfc3rxigynn3ghvq4gdw3gxgxna5m4aa3o4vscdeeqhiqad.onionDLS

5g2e.l.time4vps.cloudDLS

Top Targeted Countries

United States32

Brazil15

India10

Indonesia9

China7

MITRE ATT&CK

T1486Data Encrypted for Impact

Uses ChaCha8 and ECDH encryption

T1490Inhibit System Recovery

Deletes shadow copies

T1489Service Stop

Terminates services and processes

T1021.004SSH

Targets ESXi hypervisors via SSH

Activity

Total victims180

Countries affected51

Last seenNo recent activity

Explore

Ransomware NewsRelated articles

Check DecryptorsFree tools

Payment DataRansom tracking

MITRE ATT&CKTechniques

Live MapGlobal view

Source: ransomware.live|Refreshes every 5 min