Back to Threat Groups

bjorka

ransomware group

Hellcome Bjorkanism <br/>Bjorka emerged as a prominent data-extortion actor and hacktivist initially active in 2022, targeting Indonesian institutions with massive data leaks—including voter records, police data, and internal telecom and utility datasets. After going quiet in 2023, the actor resurfaced in early 2025, now positioning under the name Babuk2, leveraging legacy branding from the Babuk ransomware group to amplify perceived credibility and fuel data extortion operations. Notably, Bjorka has not been linked to deploying true ransomware payloads; rather, the strategy revolves around reputational leverage via data leaks and selecting branding for psychological impact.

Victims
2
records
First Discovered
Apr 13, 2026
victim
Last Discovered
Apr 13, 2026
victim
Inactive Since
93
days
Countries
1
hit
Avg Discount
no settlements

Group Activity

Last 12 months
Aug
2025
Sep
2025
Oct
2025
Nov
2025
Dec
2025
Jan
2026
Feb
2026
Mar
2026
2
Apr
2026
May
2026
Jun
2026
Jul
2026

Infrastructure

leak site
ONLINE
https://bjork.ai/

957ms

2d ago

leak site
ONLINE
https://netleaks.net/contact/

595ms

2d ago

leak site
ONLINE
https://netleaks.net/databases/

1042ms

1d ago

leak site
ONLINE
https://netleaks.net/

325ms

11h ago