New Buhti ransomware uses leaked payloads and public exploits

A newly identified ransomware operation has refashioned leaked LockBit and Babuk payloads into Buhti ransomware to launch attacks on both Windows and Linux systems.
One notable aspect of the attackers leveraging the Buhti ransomware is their ability to quickly exploit newly disclosed vulnerabilities.
The Buhti ransomware payload targeting Windows computers is a slightly modified version of the leaked LockBit 3.0 ransomware.
To target Linux systems, Buhti employs a variant of the leaked Babuk ransomware.
"Babuk was one of the first ransomware actors to target ESXi systems with a Linux payload. Babuk's source code was leaked in 2021 and since then has been adopted and reused by multiple ransomware operations," Symantec explained.
"While the reuse of leaked payloads is often the hallmark of a less-skilled ransomware operation, Blacktail's general competence in carrying out attacks, coupled with its ability to recognize the utility of newly discovered vulnerabilities, suggests that it is not to be underestimated," Symantec has concluded.
News URL
https://www.helpnetsecurity.com/2023/05/26/buhti-ransomware/