A leaked tool used by the Babuk Locker operation to create custom ransomware executables is now being used by another threat actor in a very active campaign targeting victims worldwide. The new threat actors misspelled Babuk by adding a ‘C’ to ‘Babuck Locker’ in the ransom note. The attack adds the babyk extension to encrypted file names and drops a ransom note named How To Restore Your Files.txt. Victims are from all over the world, and the submitted ransom notes all contain the email address of the threat actor.
Source: https://www.bleepingcomputer.com/news/security/leaked-babuk-locker-ransomware-builder-used-in-new-attacks/