During November, Morphisec identified a brand-new variant of
Babuk ransomware while investigating a customer's prevention event. Babuk was first discovered at the beginning of 2021, when it began targeting businesses to steal and encrypt data in double-extortion attacks. Later in the year, a threat actor leaked the complete source code for Babuk on a Russian-speaking hacking forum.
Now threat actors have combined Babuk’s leaked source code with open-source evasive software and side loading techniques to create a variant previously unseen in the wild. During the same month, Trend Micro released details about a
similar ransomware, mistakenly attributing it to WannaRen and naming the ransomware after the targeted company’s name. This time attackers used a new Babuk strain to target a multibillion-dollar manufacturing company with more than 10,000 workstations and server devices.
blog.morphisec.com
