Babuk Locker was one of the most feared ransomware operations of early 2021. The attackers became known for targeting businesses and government organizations, stealing their data and demanding a ransom payment. Now, the source code of the malicious software used by this group of cybercriminals has been leaked online.
According to Bleeping Computer, a suspected member of the group posted the full source code of the Babuk ransomware on a Russian hacking forum. The author of the post claimed to be suffering from a terminal illness and, because of that, decided to publish the files for anyone to download, without restriction.
The folders contain various ransomware projects in Visual Studio for VMware ESXi, NAS, and Windows. Also, as mentioned at the beginning, the files contain the full source code of the encryptor and decryptor for Microsoft operating systems and what appears to be a “keygen” for the public and private keys.
[Image] Babuk Ransomware Leaked Source Code | Credit: Bleeping Computer
Researchers from the cybersecurity companies Emsisoft and McAfee Enterprise have indicated that the Babuk ransomware leak appears legitimate. While the files can be used to decrypt the computers of past victims, they are also a risk, as they contain all the elements necessary to execute targeted attacks.
Notably, a Babuk ransomware builder had already been leaked on a download site in the past. Unfortunately, it was taken over by another group of cybercriminals who mounted their own attack operation. They harvested victims in different parts of the world and extorted them by threatening to publish their files.
Babuk and the Discord ransomware attack
Earlier this year, the Babuk cybercriminal group seemed unstoppable. They had carried out targeted ransomware attacks on several companies, including the phone retailer Phone House. However, an attack on the Washington DC Metropolitan Police Department revealed differences among the members.
The team administrator, Bleeping Computer explains, wanted to leak the data stolen from the Washington police force, while the rest of the team was against it. In the end, the data was leaked and the members split into different groups.
On one side was the original administrator of the Babuk cybercriminal group, who launched a cybercrime forum known as Ramp. The rest of the team released Babuk V2 and continued with various ransomware attacks.