Security News > 2021 > December > Rook ransomware is yet another spawn of the leaked Babuk code
A new ransomware operation named Rook has appeared recently on the cyber-crime space, declaring a desperate need to make "a lot of money" by breaching corporate networks and encrypting devices.
The Rook ransomware payload is usually delivered via Cobalt Strike, with phishing emails and shady torrent downloads being reported as the initial infection vector.
SentinelLabs has found numerous code similarities between Rook and Babuk, a defunct RaaS that had its complete source code leaked on a Russian-speaking forum in September 2021.
Rook uses the same API calls to retrieve the name and status of each running service and the same functions to terminate them.
Due to these code similarities, Sentinel One believes that Rook is based on the leaked source code for the Babuk Ransomware operation.
The Rook data leak site currently contains two victims, a bank and an Indian aviation and aerospace specialist.