Babuk2 Ransomware Exploits Old Breach Data for Fake Extortion Scams

Recent investigations by the Halcyon RISE Team have uncovered a concerning trend in the ransomware landscape: the Babuk2 group is issuing extortion demands based on false claims.

This group, which emerged in January 2025, appears to be leveraging previously compromised data to bolster its credibility and coerce organizations into paying ransoms.

Although the group has announced numerous attacks, there is no independent confirmation from victims or third parties that these incidents have actually occurred.

False Claims and Recycled Data

Babuk2, also known as Babuk-Bjorka, seems to be reusing data from earlier breaches to support its extortion claims.

Many of the victims listed in their announcements were previously targeted by other ransomware groups such as RansomHub, FunkSec, LockBit, and even the original Babuk team.

This tactic of recycling old breach data allows Babuk2 to create the illusion of active and successful operations, thereby increasing the pressure on potential victims to comply with their demands.

The lack of evidence supporting new, live ransomware encryption or fresh network intrusions suggests that Babuk2’s claims are largely unfounded.

According to the report, this approach poses significant risks for businesses, as even the mere threat of an attack can lead organizations to invest in unnecessary remediation measures or pay ransoms out of fear.

It is crucial for businesses to conduct thorough, independent investigations of any reported breaches to verify whether the data being used is from a new breach or simply recycled from previous incidents.
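One way to run that check on an extortion "proof" sample is sketched below. It is an added example, not code from the Halcyon report or from this article. The field names, the 0.9 overlap threshold, the incident date and all records are constructed assumptions.

```python
import hashlib
from datetime import date

def fingerprint(record):
    """Hash a record with case, whitespace and field order normalized, so a
    re-packaged copy of the same row still matches. The 'modified' field is
    left out because it is compared separately."""
    parts = sorted(f"{k.strip().lower()}={str(v).strip().lower()}"
                   for k, v in record.items() if k != "modified")
    return hashlib.sha256("|".join(parts).encode()).hexdigest()

def triage(sample, prior_dump, prior_incident_date, overlap_threshold=0.9):
    """Compare an extortion 'proof' sample with data from an earlier incident."""
    if not sample:
        raise ValueError("empty sample: nothing to verify")
    known = {fingerprint(r) for r in prior_dump}
    unseen = [r for r in sample if fingerprint(r) not in known]
    overlap = 1 - len(unseen) / len(sample)
    # A record changed after the earlier incident cannot have come from it.
    newer = [r for r in sample if "modified" in r
             and date.fromisoformat(r["modified"]) > prior_incident_date]
    recycled = overlap >= overlap_threshold and not newer
    return {"overlap": round(overlap, 2), "unseen": len(unseen),
            "newer": len(newer),
            "verdict": "consistent with recycled data" if recycled
                       else "possible new exposure: escalate"}

# Constructed sample data (not real records).
PRIOR_INCIDENT = date(2024, 3, 1)
PRIOR_DUMP = [
    {"email": "a.ortiz@example.com", "dept": "Finance", "modified": "2023-11-02"},
    {"email": "b.chen@example.com", "dept": "HR", "modified": "2024-01-15"},
    {"email": "c.ndiaye@example.com", "dept": "IT", "modified": "2024-02-20"},
]
SAMPLE_RECYCLED = [  # same rows, re-cased and re-ordered
    {"dept": "finance ", "email": "A.Ortiz@example.com", "modified": "2023-11-02"},
    {"email": "b.chen@example.com", "dept": "HR", "modified": "2024-01-15"},
]
SAMPLE_FRESH = SAMPLE_RECYCLED + [
    {"email": "d.kaur@example.com", "dept": "Legal", "modified": "2025-02-10"},
]

if __name__ == "__main__":
    print(triage(SAMPLE_RECYCLED, PRIOR_DUMP, PRIOR_INCIDENT))
    print(triage(SAMPLE_FRESH, PRIOR_DUMP, PRIOR_INCIDENT))
```

A "consistent with recycled data" result speaks only to the sample provided; it does not replace checking the network itself for signs of a new intrusion.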

Impact and Recommendations

The high-profile nature of some of Babuk2’s claims, including an alleged significant incident targeting Indian military and government data, underscores the need for vigilance.

Decision-makers must remain alert and consult with cybersecurity experts to accurately interpret such threats.

A proactive approach, including verifying network integrity and checking for signs of genuine new attacks, will help prevent unnecessary panic and financial loss.

Organizations facing such claims should prioritize due diligence to ensure that any extortion demands are backed by solid evidence of network intrusions.

Babuk2’s strategy of exploiting old breach data for fake extortion scams highlights the evolving nature of ransomware threats.

As the cybersecurity landscape continues to shift, it is essential for businesses to stay informed and adopt robust measures to protect against both real and fabricated threats.

By leveraging advanced cybersecurity solutions and maintaining a cautious stance towards unsubstantiated claims, organizations can mitigate the risks associated with ransomware extortion attempts.

Mandvi
Mandvi is a Security Reporter covering data breaches, malware, cyberattacks, data leaks, and more at Cyber Press.