Babuk-Locker

Parsing : Enabled

Known to be a RaaS

Description

Babuk‑Locker emerged in early 2021 as a Ransomware‑as‑a‑Service (RaaS) gang targeting high‑value “big game” enterprises across sectors like healthcare, telecommunications, finance, education, and government. It initially deployed crypto-ransomware—encrypting files using ChaCha8 encryption with keys secured via elliptic‑curve Diffie‑Hellman—and later added a double‑extortion model involving data theft and leak site threats. Notable incidents include attacks on the Washington, D.C. Metropolitan Police Department and other organizations. In mid‑2021, Babuk’s source code was leaked, prompting both a fragmentation of its core operations and emergence of variants like Babuk Tortilla and Babuk V2. Affiliates exploited vulnerabilities in ESXi hypervisors to deliver destructive variants, and law enforcement actions eventually disrupted key operators.

External Analysis
https://www.bleepingcomputer.com/news/security/leaked-babuk-locker-ransomware-builder-used-in-new-attacks
https://www.bleepingcomputer.com/news/security/babuk-ransomwares-full-source-code-leaked-on-hacker-forum
https://blog.cyberint.com/babuk-locker
Urls
Screen
http://nq4zyac4ukl4tykmidbzgdlvaboqeqsemkp4t35bzvjeve6zm2lqcjid.onion/#section-3
Screen
File servers
Screen
Chat servers
Screen
Admin servers
Screen

Posts

Date Title Description Screen
2022-01-25
The Babuk team shares the position stated by the most famous hacktivist group.
Screen
2022-01-25
4murs.com
Screen
2022-01-25
Arabian Computer Supplies co.
Screen
2022-01-25
spsr-law.com
Screen
2022-01-25
E.A. Gibson Shipbrokers
Screen
2022-01-25
BridgeMill Athletic Club
Screen