The Babuk Locker ransomware builder was uploaded to VirusTotal last week, giving threat actors the ability to modify the ransom note with their own contact info and use it to target Windows, VMware ESXi, Network Attached Storage (NAS) x86, and NAS ARM devices. Security researchers with MalwareHunterTeam also said ID Ransomware received a sharp spike in Babuk Locker submissions starting on June 29th. An expert with Blue Hexagon offers perspective.
https://twitter.com/GossiTheDog/status/1409117153182224386
https://twitter.com/malwrhunterteam/status/1410120830844014598
Even though the first obvious concern here is to focus on the source code being reused by other actors creating infinite variants of Babuk, the leak of the source code in this fashion is extremely suspicious and could actually be a smokescreen attempt by the creators of Babuk to divert attention while abandoning the project and tainting investigations by having other people reuse the source code.