Babuk-Bjorka
Babuk-Bjorka is referenced as a ransomware operation that reportedly “disappeared or paused” in April 2025 amid broader law-enforcement pressure and ecosystem instability affecting multiple major ransomware groups. The provided content does not include high-confidence details on Babuk-Bjorka’s specific targeting, victimology, tooling, initial access methods, TTPs, geographic nexus, or confirmed aliases/sub-groups beyond the name “Babuk-Bjorka,” nor does it attribute the group to any nation-state.
Know when an actor pivots toward your sector
Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.
Recent activity
3 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
Babuk-Bjorka was a ransomware group that became inactive in 2025.
Ransomware/extortion group referenced as having disappeared/paused operations.
Ransomware group reported as having disappeared/paused operations (April).
The version that knows your environment.
Match sector + geo + tech-stack targeting against your real footprint.
Every observed MITRE ATT&CK technique, grouped by tactic.
Families this actor is known to deploy, with IOCs and behavior.
CVEs this actor has used in known campaigns.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Domains, IPs, and hashes tied to this actor, refreshed continuously.