Rise in Attacks Against ESXi: Babuk Source Code Inspires Nine Different Ransomware Strains
Ransomware attacks on VMware ESXi systems have significantly increased in recent years. The leak of Babuk ransomware's source code in September 2021 has led to the development of multiple ransomware families. Between H2 2022 and H1 2023, threat actors reportedly developed at least nine different ransomware strains targeting ESXi hosts, all based on Babuk's leaked source code. These strains include Cylance, Rorschach, and RTM Locker. Other families, such as DATAF, LOCK4, Mario, Babuk 2023, and Play ransomware, have adapted different features from Babuk's code. The report also highlights similarities between Babuk's source code and the ESXi encrypters used by Conti and REvil. Researchers have also noticed other unique ESXi ransomware families not linked to Babuk, such as ALPHV, Hive, LockBit's ESXi lockers, and Black Basta. The growing attacker focus on ESXi is a concern for the security community.

Malware: Babuk (Windows), Babuk, Babyk, Babuk (Linux)

[View Article](https://cyware.com/news/rise-in-attacks-against-esxi-babuk-source-code-inspires-nine-different-ransomware-strains-ce3f4f1e/)