A newly identified ransomware operation has refashioned leaked LockBit and Babuk payloads into Buhti ransomware, to launch attacks on both Windows and Linux systems. Use of public exploits One notable aspect of the attackers leveraging the Buhti ransomware is their ability to quickly exploit newly disclosed vulnerabilities (e.g., the recently patched PaperCut and IBM Aspera Faspex flaws). The attackers are leveraging public exploits, Dick O’Brien, principal intelligence analyst with Symantec Threat Hunter team told Help … More

The post New Buhti ransomware uses leaked payloads and public exploits appeared first on Help Net Security.