As many as nine distinct ransomware families capable of targeting VMware ESXi systems have been developed following the disclosure of the Babuk (also Babak or Babyk) ransomware source code in September 2021. Alex Delamotte, a security researcher at SentinelOne, found that the use of Babuk source code was on the rise throughout the second half of 2022 and the first half of 2023.
For Linux systems, the leaked source code allows attackers to target these systems even if they lack the knowledge necessary to build fully functional software from scratch.
Several cybercrime organizations, both large and small, have targeted ESXi hypervisors. Furthermore, at least three distinct ransomware strains based on the released Babuk source code have appeared since the beginning of the year: Cylance, Rorschach (aka BabLock), and RTM Locker.