Using the Babuk source code as a model
According to Decipher, the Babuk source code was leaked on a Russian forum in September 2021. SentinelLabs researchers identified eleven ransomware families that use VMware ESXi lockers built from the Babuk code, appearing in the second half of 2022 and early 2023.
The researchers noted in their publication that there is a discernible trend toward attackers using the Babuk builder more frequently to create ESXi and Linux ransomware.
The ransomware targets Linux-based VMware ESXi systems, and use of the Babuk code is likely to rise.
The use of this code, according to James McQuiggan, Security Awareness Advocate at KnowBe4, is concerning in the evolution of ransomware used by cybercriminals:
“Considering the targeted application is a critical component in many on-prem and hybrid enterprise networks, it raises questions about how cybercriminals will use the leaked Babuk source code from 2021 to develop advanced ransomware.
This new danger also shows that hackers are altering this malware to further their harmful objectives rather than merely utilizing it as a template, which might make identification and prevention even more difficult.
Adapting Cybersecurity Measures
Also, this attack method makes it even more crucial to create reliable backup and recovery plans for virtual systems in order to maintain company operations in the event of a successful assault. The democratization of this method of reusing previous malware serves as a reminder of the threat landscape and hackers’ ongoing development. To patch and defend against known vulnerabilities is insufficient.
Organizations must embrace a more comprehensive, multi-layered cybersecurity approach that combines threat intelligence, endpoint protection, and modern staff security awareness training in addition to the conventional perimeter-based defenses. The threat landscape is always changing, and our cybersecurity defenses must adapt as well. The secret is to be aware, watchful, and proactive in thwarting hackers.