[BABUK2] – Ransomware Victim: MYINDIHOME TELKOM INDONESIA


Ransomware Group: BABUK2

VICTIM NAME: MYINDIHOME TELKOM INDONESIA

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the BABUK2 Onion Dark Web Tor Blog page.


AI Generated Summary of the Ransomware Leak Page

The ransomware leak page associated with MYINDIHOME TELKOM INDONESIA, attributed to the group known as Babuk Locker, displays an array of information concerning potential data breaches. The content begins with a brief greeting to viewers, which is typical of a forum or public leak platform. The viewing statistics suggest the page has garnered significant attention. The perpetrator claims to possess access to Telkom Indonesia’s internal database server, where sensitive service data, including client information, is purported to be stored. The stated activity originated from Indonesia, emphasizing the geographical focus of the threat actors.

While the page does not contain specific download links, it hints at the substantial volume of data the attackers claim to have acquired, detailing that the compressed file size reaches approximately 7 GB, with an uncompressed size of 55 GB. The reported data includes various personal identifiers such as IP addresses, emails, phone numbers, client service numbers, and other sensitive information. There is an image associated with the leak, which might include screenshots or details relevant to the claimed data breach, although specifics are not disclosed. The presence of multiple communication methods, including Tox and Telegram handles, indicates the attackers are keen to facilitate further inquiries or transactions regarding the leaked information.

