Security News > 2023 > May > Babuk code used by 9 ransomware gangs to encrypt VMWare ESXi servers

Babuk code used by 9 ransomware gangs to encrypt VMWare ESXi servers
2023-05-11 18:04

An increasing number of ransomware operations are adopting the leaked Babuk ransomware source code to create Linux encryptors targeting VMware ESXi servers.

"There is a noticeable trend that actors increasingly use the Babuk builder to develop ESXi and Linux ransomware," said SentinelLabs threat researcher Alex Delamotte.

The list of new ransomware families that have adopted it to build new Babuk-based ESXi encryptors since H2 2022 includes Play, Mario, Conti POC, REvil aka Revix, Cylance ransomware, Dataf Locker, Rorschach aka BabLock, Lock4, and RTM Locker.

These add to many other unique, non-Babuk-based ransomware strains targeting VMware ESXi virtual machines discovered in the wild for several years.

The gang's ransomware source code was leaked on a Russian-speaking hacking forum in September 2021, together with VMware ESXi, NAS, and Windows encryptors, as well as encryptors and decryptors compiled for some of the gang's victims.

Babuk members splintered off, with the admin launching the Ramp cybercrime forum and the other core members relaunching the ransomware as Babuk V2..


News URL

https://www.bleepingcomputer.com/news/security/babuk-code-used-by-9-ransomware-gangs-to-encrypt-vmware-esxi-servers/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Vmware 146 11 222 256 102 591