ESXi ransomware derived from Babuk code on the rise in early 2023
Ransomware groups are increasingly targeting ESXi hypervisors, and 2023 has seen a rising number of attacks based on the leaked Babuk source code. Although the ESXiArgs campaign appeared to be based on Babuk, SentinelOne found only minor similarities. The company also identified unexpected links between different ransomware families. Companies using ESXi are particularly vulnerable if they lack an accurate understanding of their network assets and public internet exposure.