Cybersecurity NewsNews

VMware ESXi Systems at Risk from Babuk-Derived Ransomware Strains


A variety of threat actors relied on the leak of the Babuk (or Babak) ransomware code in September 2021 to build nine different ransomware families capable of compromising VMware ESXi systems. These nine ransomware families can all encrypt data stored on VMware ESXi systems and their operators have been actively seeking out vulnerable targets since their release.

These actors used the ransomware families to target businesses across the world, which results in huge ransoms and data loss. Security experts warn organizations to ensure they update security measures and patch any vulnerabilities in order to protect against these threats.

In a report by SentinelOne security researcher Alex Delamotte, he states that the two variants released in the past few months were H2 2022 and H1 2023. This enables threat actors to target Linux operating systems with their source code.

Malicious actors focus on ESXi hypervisors, particularly the recently released ransomware strains Cylance, Rorschach and RTM linked with Babuk source code.

Ransomware Group Collaborates to Enhance Ransomware Attacks

SentinelOne’s discovery suggests that the groups behind Babuk and ESXi lockers may have collaborated or shared resources, which could potentially lead to dangerous cyberattacks in the future. It also highlights the importance of continued monitoring and analysis of cyber threats to stay ahead of evolving tactics and techniques.

The collaboration of ransomware groups to achieve similar objectives makes cybersecurity professionals to be on their feet in methods that can combat this threat.

Many actors still consider Golang to be a basic option, but it keeps expanding. The Royal ransomware attacks have caused huge financial losses and disruption to services. This highlights the need for organizations to prioritize cybersecurity and invest in preventative measures such as regular software updates, employee training, and backup systems.

It is crucial for businesses to take proactive steps to protect their sensitive data and prevent future attacks.