Babuk ESXi Family Reference Bablock aka Rorschach https://www.group-ib.com/blog/bablock-ransomware/ Babuk 2023 - XVGV https://www.sentinelone.com/labs/hypervisor-ransomware-multiple-threat-actor-groups-hop-on-leaked-babuk-code-to-build-esxi-lockers/ Buhti https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware Cheerscrypt https://www.trendmicro.com/en_us/research/22/e/new-linux-based-ransomware-cheerscrypt-targets-exsi-devices.html Conti POC https://www.sentinelone.com/labs/hypervisor-ransomware-multiple-threat-actor-groups-hop-on-leaked-babuk-code-to-build-esxi-lockers/ Cylance https://blog.cyble.com/2023/04/07/new-cylance-ransomware-with-power-packed-commandline-options/ Dataf Locker https://www.sentinelone.com/labs/hypervisor-ransomware-multiple-threat-actor-groups-hop-on-leaked-babuk-code-to-build-esxi-lockers/ Lock4 https://www.sentinelone.com/labs/hypervisor-ransomware-multiple-threat-actor-groups-hop-on-leaked-babuk-code-to-build-esxi-lockers/ Mario https://www.sentinelone.com/labs/hypervisor-ransomware-multiple-threat-actor-groups-hop-on-leaked-babuk-code-to-build-esxi-lockers/ "Maze" 🥴 ESXi https://twitter.com/MalGamy12/status/1694416105803055464 Play https://www.sentinelone.com/labs/hypervisor-ransomware-multiple-threat-actor-groups-hop-on-leaked-babuk-code-to-build-esxi-lockers/ PrideLocker https://www.synacktiv.com/en/publications/pridelocker-a-new-fork-of-babuk-esx-encryptor RagnarLocker https://twitter.com/malwrhunterteam/status/1705660901032960305 Revix Beta (v1.1 only) https://www.sentinelone.com/labs/hypervisor-ransomware-multiple-threat-actor-groups-hop-on-leaked-babuk-code-to-build-esxi-lockers/ RTM Locker https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux/ SEXi Ransomware https://twitter.com/BushidoToken/status/1780646644725223910 Babuk Windows Family Reference AstraLocker 2.0 https://www.reversinglabs.com/blog/smash-and-grab-astralocker-2-pushes-ransomware-direct-from-office-docs BlueSky https://blog.cyble.com/2022/12/22/new-ransomware-strains-emerging-from-leaked-contis-source-code/ DarkAngels https://blog.cyble.com/2022/05/06/rebranded-babuk-ransomware-in-action-darkangels-ransomware-performs-targeted-attack/ Night Sky https://cyware.com/news/night-sky-ransomwares-ride-from-dawn-till-dusk-ae1e2f8e Nokoyawa https://www.fortinet.com/blog/threat-research/nokoyawa-variant-catching-up Pandora https://www.cloudsek.com/blog/technical-analysis-of-emerging-sophisticated-pandora-ransomware-group RA Group https://blog.talosintelligence.com/ra-group-ransomware/ Rook https://www.sentinelone.com/labs/new-rook-ransomware-feeds-off-the-code-of-babuk/ Conti Windows Family Reference Akira https://labs.k7computing.com/index.php/akira-ransomware-unleashing-chaos-using-conti-leaks/ BlueSky https://blog.cyble.com/2022/12/22/new-ransomware-strains-emerging-from-leaked-contis-source-code/ Gazprom https://twitter.com/malwrhunterteam/status/1653869833816088576 Lockbit Green https://securityaffairs.com/141666/cyber-crime/lockbit-green-ransomware-variant.html MeowCorp https://www.bleepingcomputer.com/news/security/conti-based-ransomware-meowcorp-gets-free-decryptor/ Mimic https://www.trendmicro.com/en_us/research/23/a/new-mimic-ransomware-abuses-everything-apis-for-its-encryption-p.html Monti (maybe?) https://blogs.blackberry.com/en/2022/09/the-curious-case-of-monti-ransomware-a-real-world-doppelganger Putin Team https://blog.cyble.com/2022/12/22/new-ransomware-strains-emerging-from-leaked-contis-source-code/ ScareCrow https://blog.cyble.com/2022/12/22/new-ransomware-strains-emerging-from-leaked-contis-source-code/ Lockbit 3.0 Windows Family Reference Bl00dy https://www.bleepingcomputer.com/news/security/leaked-lockbit-30-builder-used-by-bl00dy-ransomware-gang-in-attacks/ Buhti https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware SchoolBoys https://www.bleepingcomputer.com/news/security/tommyleaks-and-schoolboys-two-sides-of-the-same-ransomware-gang/ TommyLeaks https://www.bleepingcomputer.com/news/security/tommyleaks-and-schoolboys-two-sides-of-the-same-ransomware-gang/