"Babuk Source Code Sparks 9 Different Ransomware Strains Targeting VMware ESXi Systems"

Threat actors are taking advantage of the September 2021 leak of the Babuk (also known as Babak or Babyk) ransomware source code to build different ransomware families that can target VMware ESXi systems. Alex Delamotte, a security researcher at SentinelOne, noted that the emergence of these variants in the second quarter of 2022 and the first quarter of 2023 shows a growing trend of Babuk source code adoption. Leaked source code allows malicious actors to target Linux systems when they may otherwise lack the expertise to develop a working program. As a result, several large and small cybercrime groups have set their sights on ESXi hypervisors. At least three different ransomware strains that have emerged since the start of the year, including Cylance, Rorschach, and RTM Locker, are based on the leaked Babuk source code. The most recent analysis by SentinelOne indicates that this phenomenon is becoming more prevalent, with the cybersecurity company identifying source code overlaps between Babuk and ESXi lockers attributed to Conti and REvil. Other ransomware families that have adopted features from Babuk include LOCK4, DATAF, Mario, and Play ransomware. This article continues to discuss the leaked Babuk ransomware code sparking different ransomware strains that target VMware ESXi systems.

THN reports "Babuk Source Code Sparks 9 Different Ransomware Strains Targeting VMware ESXi Systems"
