Security News > 2023 > May > Buhti Ransomware Gang Switches Tactics, Utilizes Leaked LockBit and Babuk Code

The threat actors behind the nascent Buhti ransomware have eschewed their custom payload in favor of leaked LockBit and Babuk ransomware families to strike Windows and Linux systems.

The latest findings from Symantec show that Blacktail's modus operandi might be changing, what with the actor leveraging modified versions of the leaked LockBit 3.0 and Babuk ransomware source code to target Windows and Linux, respectively.

Both Babuk and LockBit have had its ransomware source code published online in September 2021 and September 2022, spawning multiple imitators.

One notable cybercrime group that's already using the LockBit ransomware builder is the Bl00dy Ransomware Gang, which was recently spotlighted by U.S. government agencies as exploiting vulnerable PaperCut servers in attacks against the education sector in the country.

"Major ransomware gangs are borrowing capabilities from either leaked code or code purchased from other cybercriminals, which may improve the functionality of their own malware," Kaspersky noted in its ransomware trends report for 2023.

According to Cyble, a new ransomware family dubbed Obsidian ORB takes a leaf out of Chaos, which has also been the foundation for other ransomware strains like BlackSnake and Onyx.

News URL

https://thehackernews.com/2023/05/buhti-ransomware-gang-switches-tactics.html