Red Hot Cyber, The cybersecurity news

Red Hot Cyber

Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
Select language
Spanish Italian
Search

Babuk Locker 2.0: The New Ransomware Affiliate Program

Pietro Melillo : 13 March 2025 22:54

Babuk, one of the most notorious ransomware groups in cybercrime, has launched the Babuk Locker 2.0 Affiliate Program 2025, an affiliate program for skilled hackers looking to profit from ransomware attacks. This program, published on their data leak site, introduces new advanced features and a more structured model for those wishing to join their criminal network.

How the Program Works

Babuk Locker 2.0 accepts affiliates from all over the world, regardless of language or origin, provided they have experience in penetration testing and compromising IT systems. Their goal is clear: maximize profits through targeted attacks and manage ransom payments more efficiently. The platform allows affiliates to independently handle communications with victims and extortion operations.

New Features of the Platform

The new version of Babuk Locker introduces several features to simplify cybercriminal operations, including:

  • Tor-based control panel: An interface for managing attacks and negotiating ransoms.
  • Chat with victims: A messaging system with notifications and file transfer.
  • Decryption verification: The ability to demonstrate to victims that the ransomware can effectively restore files.
  • Babuk Stealer: A module for stealing data before encryption.
  • Automatic data upload: Affiliates can upload stolen information directly to the group’s blog.
  • Network scanner: To identify shared resources within the victim’s network.
  • Automatic ransomware distribution: The malware spreads without the need for scripts or advanced configurations.

How Much Affiliates Earn

Babuk Locker 2.0 enforces a fixed 10% commission on ransom payments received by affiliates. Each affiliate negotiates directly with the victim and then transfers the required percentage to the Babuk group. To ensure participant credibility, the program requires a $25,000 USD deposit in Bitcoin, a strategy aimed at filtering out law enforcement infiltrators or undercover investigators.

Who Can and Cannot Be Targeted

Babuk has established some rules regarding attack targets:

  • Prohibited attacks on critical infrastructure: Nuclear power plants, public hospitals, and post-Soviet organizations are off-limits.
  • Allowed targets: Private companies, for-profit educational institutions, pharmaceutical firms, and aesthetic clinics.
  • Encouraged attacks: Law enforcement agencies and government organizations involved in cybercrime investigations.

Conclusion

The Babuk Locker 2.0 Affiliate Program 2025 demonstrates how ransomware is becoming more sophisticated and structured. With increasingly advanced tools and direct control over negotiations, the Babuk group positions itself as one of the most dangerous actors in the cybercriminal landscape. For companies, staying vigilant and strengthening security measures is the only way to counter these ever-growing threats.

Pietro Melillo
Head of the Dark Lab group. A Computer Engineer specialised in Cyber Security with a deep passion for Hacking and technology, currently CISO of WURTH Italia, he was responsible for Cyber Threat Intelligence & Dark Web analysis services at IBM, carries out research and teaching activities on Cyber Threat Intelligence topics at the University of Sannio, as a Ph.D, author of scientific papers and development of tools to support cybersecurity activities. Leads the CTI Team "RHC DarkLab"

Lista degli articoli
Categories
Banner
Redhotcyber is an open-news project that was launched in 2019 and subsequently expanded into a network of individuals collaborating to disseminate information and topics focused on technology, Information Technology, and cybersecurity. Its goal is to increase risk awareness among an ever-growing number of people.

Editorial board : [email protected]

Facebook Linkedin Youtube Telegram Twitter Pinterest Tumblr