Red Hot Cyber


Babuk Locker 2.0: The New Ransomware Affiliate Program

Pietro Melillo : 13 March 2025 22:54

Babuk, one of the most notorious ransomware groups in cybercrime, has launched the Babuk Locker 2.0 Affiliate Program 2025, an affiliate program for skilled hackers looking to profit from ransomware attacks. This program, published on their data leak site, introduces new advanced features and a more structured model for those wishing to join their criminal network.

How the Program Works

Babuk Locker 2.0 accepts affiliates from all over the world, regardless of language or origin, provided they have experience in penetration testing and compromising IT systems. Their goal is clear: maximize profits through targeted attacks and manage ransom payments more efficiently. The platform allows affiliates to independently handle communications with victims and extortion operations.

New Features of the Platform

The new version of Babuk Locker introduces several features to simplify cybercriminal operations, including:

  • Tor-based control panel: An interface for managing attacks and negotiating ransoms.
  • Chat with victims: A messaging system with notifications and file transfer.
  • Decryption verification: The ability to demonstrate to victims that the ransomware can effectively restore files.
  • Babuk Stealer: A module for stealing data before encryption.
  • Automatic data upload: Affiliates can upload stolen information directly to the group’s blog.
  • Network scanner: To identify shared resources within the victim’s network.
  • Automatic ransomware distribution: The malware spreads without the need for scripts or advanced configurations.

How Much Affiliates Earn

Babuk Locker 2.0 enforces a fixed 10% commission on ransom payments received by affiliates. Each affiliate negotiates directly with the victim and then transfers the required percentage to the Babuk group. To ensure participant credibility, the program requires a $25,000 USD deposit in Bitcoin, a strategy aimed at filtering out law enforcement infiltrators or undercover investigators.

Who Can and Cannot Be Targeted

Babuk has established some rules regarding attack targets:

  • Prohibited attacks on critical infrastructure: Nuclear power plants, public hospitals, and post-Soviet organizations are off-limits.
  • Allowed targets: Private companies, for-profit educational institutions, pharmaceutical firms, and aesthetic clinics.
  • Encouraged attacks: Law enforcement agencies and government organizations involved in cybercrime investigations.

Conclusion

The Babuk Locker 2.0 Affiliate Program 2025 demonstrates how ransomware is becoming more sophisticated and structured. With increasingly advanced tools and direct control over negotiations, the Babuk group positions itself as one of the most dangerous actors in the cybercriminal landscape. For companies, staying vigilant and strengthening security measures is the only way to counter these ever-growing threats.

Pietro Melillo
Head of the Dark Lab group. A computer engineer specialised in cyber security with a deep passion for hacking and technology, he is currently CISO of WURTH Italia. He was responsible for Cyber Threat Intelligence & Dark Web analysis services at IBM, and carries out research and teaching activities on Cyber Threat Intelligence topics at the University of Sannio as a Ph.D. He is an author of scientific papers and develops tools to support cybersecurity activities. He leads the CTI team "RHC DarkLab".
