The Buhti ransomware gang has switched tactics and is now utilizing leaked LockBit and Babuk ransomware code to target Windows and Linux systems. Despite the change in tactics, the group is still using a custom data exfiltration utility to steal files prior to encryption. The use of leaked code by ransomware gangs is becoming more common, and new ransomware families are constantly emerging with unique features and payment methods.

• The Buhti ransomware gang is now using leaked LockBit and Babuk ransomware code to target Windows and Linux systems.
• The group is still using a custom data exfiltration utility to steal files prior to encryption.
• The use of leaked code by ransomware gangs is becoming more common.
• New ransomware families are constantly emerging with unique features and payment methods.