Blacktail Leverages LockBit and Babuk Source Code to Build Buhti


The source code for the encryptor from the LockBit and Babuk ransomware has been exposed and is being used by the new ransomware operation known as Buhti. Additionally, it exfiltrates data via a specially created information thief. Research indicates that the developer of this ransomware, a new organisation called Blacktail, is not connected to any known threat organisations.

Researchers from Symantec found fresh examples of this virus that targets Windows machines. It utilises LockBit Black, a modified variation of LockBit 3.0. In September 2022, the source code for the Windows LockBit 3.0 constructor was exposed. The first samples, which Unit 42 found in February, only targeted Linux.

Read More…