New Buhti ransomware uses leaked payloads and public exploits
2023-05-26 04:45

A newly identified ransomware operation has refashioned leaked LockBit and Babuk payloads into Buhti ransomware to launch attacks on both Windows and Linux systems.

One notable aspect of the attackers leveraging the Buhti ransomware is their ability to quickly exploit newly disclosed vulnerabilities.

The Buhti ransomware payload targeting Windows computers is a slightly modified version of the leaked LockBit 3.0 ransomware.

To target Linux systems, Buhti employs a variant of the leaked Babuk ransomware.

"Babuk was one of the first ransomware actors to target ESXi systems with a Linux payload. Babuk's source code was leaked in 2021 and since then has been adopted and reused by multiple ransomware operations," Symantec explained.

"While the reuse of leaked payloads is often the hallmark of a less-skilled ransomware operation, Blacktail's general competence in carrying out attacks, coupled with its ability to recognize the utility of newly discovered vulnerabilities, suggests that it is not to be underestimated," Symantec concluded.
