At a glance.
- Babuk source code as criminal inspiration.
- CISA and FBI release a joint report on PaperCut NG/MF vulnerability exploitation.
- More bad bots out there than anyone would like.
- KillNet’s short-lived PMHC venture: new services amidst the reorganization regret.
Babuk source code as criminal inspiration.
The leaked Babuk ransomware source code has become a treasure trove for ransomware operators, Bleeping Computer reports. The Babuk code was leaked on a Russian forum in September of 2021, Decipher adds in its own coverage. Throughout the second half of 2022 and the first half of 2023, SentinelLabs researchers discovered ten ransomware families using VMware ESXi lockers based on the Babuk code. “There is a noticeable trend that actors increasingly use the Babuk builder to develop ESXi and Linux ransomware,” said the researchers in their release.
The malware compromises VMware ESXi servers on Linux machines. The researchers noted that “The talent pool for Linux malware developers is surely much smaller in ransomware development circles, which have historically held demonstrable expertise in crafting elegant Windows malware.” Use of Babuk code is expected to increase, and may do so in tandem with the anticipated growth of the Go-based locker version that targets network-attached storage (NAS) devices. For more on Babuk, see CyberWire Pro.