Multiple ransomware groups have adapted the Babuk Locker code to target VMware ESXi virtual machines, according to researchers at security firm ESET. The Babuk Locker ransomware was first identified in January 2021 and gained notoriety for its use in high-profile attacks against organizations such as the Washington DC Metropolitan Police Department. The updated versions of the ransomware, which ESET has dubbed “Babuk v2,” use a new encryption algorithm that is specifically designed to target virtual machines running on VMware’s ESXi hypervisor.
The researchers say the new versions of Babuk may be the work of multiple groups rather than a single actor. They note that different groups have modified the code in different ways, which suggests that it may have been shared or sold on underground forums. The researchers also warn that the attacks could have serious consequences, as many organizations rely on virtual machines to run critical systems and may not have adequate backups in place to recover from a ransomware attack.
Read more: https://www.darkreading.com/cloud/multiple-ransomware-groups-adapt-babuk-code-to-target-esxi-vms