Cybersecuritynews
Payload Ransomware Targets Windows and ESXi with Babuk Encryption
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
A new ransomware strain named 'Payload' has emerged, posing a significant threat to organizations utilizing Windows and VMware ESXi systems. The group behind Payload has been active since at least February 17, 2026, and employs Babuk-style cryptography along with advanced anti-forensic techniques. Initial reports indicate that mid-to-large organizations across various sectors and countries are being targeted. The ransomware operates on a double-extortion model, demanding payment for decryption keys and threatening to leak sensitive data. As of now, specific numbers of victims or financial impacts have not been disclosed. The first victim was reported shortly after the ransomware's Windows binary was compiled. Security professionals are urged to remain vigilant as the group continues to expand its operations.
Key Points: • Payload ransomware targets both Windows and VMware ESXi environments. • The group has been active since February 17, 2026, using Babuk-style encryption. • It employs a double-extortion model, threatening data leaks alongside encryption.