Buhti: New Ransomware Operation Relies on Repurposed Payloads

A relatively new ransomware operation calling itself Buhti appears to be eschewing developing its own payload and is instead utilizing variants of the leaked LockBit and Babuk ransomware families to attack Windows and Linux systems. While the group doesn’t develop Read More …

Babuk code used by 9 ransomware gangs to encrypt VMWare ESXi servers

An increasing number of ransomware operations are adopting the leaked Babuk ransomware source code to create Linux encryptors targeting VMware ESXi servers. SentinelLabs security researchers observed this rising trend after spotting a rapid succession of nine Babuk-based ransomware variants that Read More …

Rook ransomware is yet another spawn of the leaked Babuk code

A new ransomware operation named Rook has appeared recently on the cyber-crime space, declaring a desperate need to make “a lot of money” by breaching corporate networks and encrypting devices. Although the introductory statements on their data leak portal were Read More …

‘Tortilla’ Wraps Exchange Servers in ProxyShell Attacks

A new-ish threat actor sometimes known as “Tortilla” is launching a fresh round of ProxyShell attacks on Microsoft Exchange servers, this time with the aim of inflicting vulnerable servers with variants of the Babuk ransomware. Cisco Talos researchers said in Read More …

Ransomware decryptor roundup: BlackByte, Atom Silo, LockFile, Babuk decryptors released

Ransomware decryptors for the BlackByte, Atom Silo, LockFile and Babuk strains were released over the last two weeks, highlighting some amount of progress in the fight against a few of the smaller ransomware gangs. Last week, security company Avast released Read More …

Free decryptor released for Atom Silo and LockFile ransomware

Avast has just released a decryption tool that will help AtomSilo and LockFile ransomware victims recover some of their files for free without having to pay a ransom. Avast released another decryption tool earlier today to help Babuk ransomware victims Read More …

Russian-language cybercriminal forum ‘XSS’ bans DarkSide and other ransomware groups

Cybersecurity researchers with Flashpoint, Digital Shadows’ Photon Research Team and other firms have confirmed that XSS, a popular cybercriminal forum, has outright banned ransomware sales, ransomware rental, and ransomware affiliate programs on their platform, according to a announcement released in Read More …