Ransomware
Babuk
First seen: 2021-01 • Status: inactive
Babuk attacked the Washington DC Police and leaked the department's files. After Babuk's own source code was leaked, many other ransomware groups copied it.
Overview
Babuk gained notoriety for attacking the DC Police and had its source code leaked. The code has been used to create many new variants.
Also Known As
Babuk Locker, Babyk
How It Spreads
- Exploitation
- Phishing
What It Does
- File encryption
- Data theft
- VMware ESXi targeting
Target Platforms
Windows, Linux, VMware ESXi
Detection Tips
- Watch for Babuk-derived variants
- Monitor ESXi security
MITRE ATT&CK Techniques
T1486, T1567
If You're Infected
1. Check for Babuk decryptors
2. Secure ESXi environments