Security News > 2023 > May > Babuk Source Code Sparks 9 Different Ransomware Strains Targeting VMware ESXi Systems

Multiple threat actors have capitalized on the leak of Babuk ransomware code in September 2021 to build as many as nine different ransomware families capable of targeting VMware ESXi systems.

"These variants emerged through H2 2022 and H1 2023, which shows an increasing trend of Babuk source code adoption," SentinelOne security researcher Alex Delamotte said in a report shared with The Hacker News.

What's more, at least three different ransomware strains - Cylance, Rorschach, RTM Locker - that have emerged since the start of the year are based on the leaked Babuk source code.

SentinelOne's latest analysis shows that this phenomenon is more common, with the cybersecurity company identifying source code overlaps between Babuk and ESXi lockers attributed to Conti and REvil.

Other ransomware families that have ported various features from Babuk into their respective code include LOCK4, DATAF, Mario, Play, and Babuk 2023 ransomware.

Since bursting on the scene in September 2022, Royal ransomware has claimed responsibility for targeting 157 organizations on their leak site, with most of the attacks targeting manufacturing, retail, legal services, education, construction, and healthcare services in the U.S., Canada, and Germany.

News URL

https://thehackernews.com/2023/05/babuk-source-code-sparks-9-new.html