Babuk2 Ransomware Group Targets Movistar Peru in Latest Attack

In a recent report from

the Attack

The Babuk2 ransomware group has added Movistar Peru’s official website, movistar.com.pe, to its list of compromised entities. The attack was confirmed by the ThreatMon Threat Intelligence Team on March 14, 2025, at approximately 10:11 AM UTC+3. Babuk2, a known ransomware group, has gained infamy due to its persistent and devastating cybercrime campaigns. This new attack highlights the ongoing threat faced by major corporations worldwide, particularly in the telecommunications sector.

Babuk2’s ransomware attacks typically involve data encryption and demands for ransom in exchange for decryption keys. These attacks often target high-profile organizations and are aimed at financial profit through extortion. The incident involving Movistar Peru underscores the growing risk that businesses, large and small, will become victims of ransomware.

Movistar Peru is a leading telecom provider in the country, and this attack could have significant implications for both the company and its customers. It is not yet clear what the attackers' specific demands are, or what the extent of the data breach is. However, the public nature of the attack points to the aggressive strategies employed by Babuk2.

What Undercode Says:

The attack on Movistar Peru by the Babuk2 ransomware group is a stark reminder of how the landscape of cybercrime is evolving. Ransomware has become one of the most formidable threats to organizations across the globe, and groups like Babuk2 are at the forefront of this wave. It is clear that no industry is immune to these threats, and even the most established companies can fall victim to sophisticated cybercriminal operations.

One of the more concerning aspects of this attack is the increasing boldness of these ransomware actors. Babuk2 is not just encrypting files but is also known to exfiltrate sensitive data and threaten to release it publicly if its demands are not met. This doubles the pressure on organizations, which must not only address the immediate technical issue of encryption but also manage the risk of a data leak.

For Movistar Peru, this could mean reputational damage, financial losses, and potential regulatory scrutiny. The attack may have also affected customer data, adding another layer of complexity to the incident. With the telecommunications industry being a critical infrastructure sector, the impact could ripple across other connected services, amplifying the severity of the attack.

Cybersecurity experts recommend several measures to mitigate such risks, including robust network segmentation, regular backups, and continuous monitoring of network activity. Additionally, having a clear incident response plan and collaborating with threat intelligence teams, like those at ThreatMon, is essential in responding to these types of attacks.

Ransomware groups like Babuk2 thrive on the fact that many organizations, especially those that haven’t invested sufficiently in cybersecurity, are easy targets. The financial and reputational cost of these attacks can be devastating, and the fact that the same groups continue to target high-profile entities only underscores the need for constant vigilance.

Fact Checker Results

  1. The Movistar Peru attack has been confirmed by ThreatMon’s Threat Intelligence Team, marking a high-profile incident linked to the Babuk2 ransomware group.
  2. Babuk2 is a notorious ransomware actor, responsible for several high-impact attacks, and its involvement in this latest breach is consistent with its known tactics.
  3. The nature of the attack, as described, aligns with Babuk2’s typical operations, including data encryption and potential extortion demands.

References:

Reported By: https://x.com/TMRansomMon/status/1900534614042550521