Babuk Ransomware

Babuk ransomware emerged in January 2021, breaking into at least 5 major companies on January 15. As with other variants, the group behind it breaks into a company's network, deploys the ransomware there, and carefully compromises the entire network.

The group gains access through phishing, a well-known tactic also used by other ransomware groups. Phishing is an attempt to trick users through emails, phone calls, social media or SMS.

This tactic is easier to fall for than you think, because the messages closely imitate those of real companies. The victim falls for the scam and the ransomware is installed.

Babuk has been responsible for major attacks, one of which was an attack on the Washington DC Police Department. In addition to the attack, the group published 250 GB of stolen data on their blog on the Deep Web.

The ransom amount charged by the group ranges from $60,000 to $80,000, which was probably not paid by the police, who ended up having the data leaked.

Babuk ransomware can infect virtually all versions of Windows, from Windows XP to Windows 10. It not only breaks into the operating system, it also disrupts some backup and anti-malware services upon entering the computer, which makes it very difficult to stop.

The ransomware adds a ‘.babyk’ extension to the encrypted files and leaves the following message at the end of the encrypted files: “choung dong looks like hot dog!!!”
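The two indicators described above can be checked together when triaging a file share. The Python script below is an added example, not code from this page's author; the ASCII encoding of the marker, the 512-byte tail window and all function names are assumptions, and the sample files are constructed.

```python
import os
import tempfile

# Indicators as given on this page. ASCII encoding of the marker and the
# 512-byte tail window are assumptions of this example.
EXTENSION = ".babyk"
MARKER = b"choung dong looks like hot dog!!!"
TAIL_WINDOW = 512

def tail_has_marker(path, window=TAIL_WINDOW):
    """True if MARKER occurs in the last `window` bytes of the file."""
    with open(path, "rb") as fh:
        size = fh.seek(0, os.SEEK_END)
        fh.seek(max(0, size - window))
        return MARKER in fh.read()

def triage(root):
    """Map each suspicious file under `root` to a verdict; clean files are omitted."""
    findings = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            has_ext = name.lower().endswith(EXTENSION)
            try:
                has_marker = tail_has_marker(path)
            except OSError:
                findings[path] = "unreadable"      # locked or denied: review by hand
                continue
            if has_ext and has_marker:
                findings[path] = "confirmed"       # both indicators agree
            elif has_ext:
                findings[path] = "extension-only"  # renamed, no marker in the tail
            elif has_marker:
                findings[path] = "marker-only"     # marker present, extension stripped
    return findings

def demo():
    """Run triage over constructed sample files (not real samples)."""
    samples = {
        "report.docx.babyk": b"\xaa" * 2048 + MARKER,
        "notes.txt.babyk": b"short",               # smaller than the tail window
        "db.bak": b"\xaa" * 64 + MARKER,
        "clean.txt": b"ordinary content",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return {os.path.basename(p): v for p, v in triage(root).items()}
```

Files reported as extension-only or marker-only deserve a closer look, since a single indicator can come from an interrupted run or from someone renaming files after the fact.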

Recover Files Encrypted by Babuk Ransomware

Babuk ransomware is extremely complex and sophisticated, making any company using the Windows operating system a potential victim.

We know how disastrous a successful Babuk ransomware attack can be for a company, so we have developed unique solutions to be able to recover data that has been encrypted, even without the decryption key.

We can recover encrypted data through a proprietary technology called Tracer. It can recover data on any storage device, such as HD, SSD, Servers, Storage, Database, RAID Systems, Virtual Machines and others.

All our procedures are done in accordance with the General Data Protection Regulation (GDPR), and we sign a confidentiality agreement (NDA).

Contact one of our specialists and start the recovery process right now.


Through unique technologies Digital Recovery can bring back encrypted data on any storage device, offering remote solutions anywhere in the world.