A Rebirth of a Cursed Existence? Examining ‘Babuk Locker 2.0’ Ransomware

Ransomware remains a major threat, causing significant disruption and financial losses to organizations across various sectors. Cybercriminal groups behind these attacks constantly adapt their methods to maximize damage and profit. In early 2025, Rapid7 researchers came across a channel promoting …

Head Mare: adventures of a unicorn in Russia and Belarus

Head Mare is a hacktivist group that first made itself known in 2023 on the social network X (formerly Twitter). In their public posts, the attackers reveal information about some of their victims, including organization names, internal documents stolen during …

One of the FBI’s most wanted hackers is trolling the U.S. government

Earlier this year, the U.S. government indicted Russian hacker Mikhail Matveev, also known by his online monikers “Wazawaka” and “Boriselcin,” accusing him of being “a prolific ransomware affiliate” who carried out “significant attacks” against companies and critical infrastructure in the …

Buhti: New Ransomware Operation Relies on Repurposed Payloads

A relatively new ransomware operation calling itself Buhti appears to be eschewing developing its own payload and is instead utilizing variants of the leaked LockBit and Babuk ransomware families to attack Windows and Linux systems. While the group doesn’t develop …

Babuk code used by 9 ransomware gangs to encrypt VMware ESXi servers

An increasing number of ransomware operations are adopting the leaked Babuk ransomware source code to create Linux encryptors targeting VMware ESXi servers. SentinelLabs security researchers observed this rising trend after spotting a rapid succession of nine Babuk-based ransomware variants that …

Rook ransomware is yet another spawn of the leaked Babuk code

A new ransomware operation named Rook has appeared recently on the cyber-crime space, declaring a desperate need to make “a lot of money” by breaching corporate networks and encrypting devices. Although the introductory statements on their data leak portal were …

‘Tortilla’ Wraps Exchange Servers in ProxyShell Attacks

A new-ish threat actor sometimes known as “Tortilla” is launching a fresh round of ProxyShell attacks on Microsoft Exchange servers, this time with the aim of inflicting vulnerable servers with variants of the Babuk ransomware. Cisco Talos researchers said in …

Ransomware decryptor roundup: BlackByte, Atom Silo, LockFile, Babuk decryptors released

Ransomware decryptors for the BlackByte, Atom Silo, LockFile and Babuk strains were released over the last two weeks, highlighting some amount of progress in the fight against a few of the smaller ransomware gangs. Last week, security company Avast released …