Hacker published the source code of the Babuk ransomware on the Russian-language forum

Babuk ransomware source code
Written by Emma Davis

A group of vx-Underground researchers noticed that the full source code of the Babuk ransomware was published on the Russian-speaking hack forum.

A member of the hack group who published the source claims that he was diagnosed with stage 4 lung cancer, and he wants to have time to “live as a human”.

One of the developers for Babuk ransomware group, a 17-year-old from Russia, has been allegedly diagnosed with Stage-4 Lung Cancer. He has decided to leaked the ENTIRE Babuk source code for Windows, ESXI, NAS.vx-Underground specialists wrote in their Twitter account.
Babuk ransomware source code

A translated forum post on a hacking forum

Let me remind you that Babuk (aka Babuk Locker and Babyk) appeared in early 2021. Malware attacked companies, encrypted their data, and its operators also stole victims’ files and demanded a double ransom from the victims.

After the attack on the District of Columbia Central Police Department, Babuk operators received too much attention, and in April 2021, the hack group announced that it would cease operations.

BleepingComputer learned from a member of the Babuk ransomware gang that the group split after an attack on the Washington, D.C. Metropolitan Police Department.

After that, the “Admin” allegedly wanted to disclose the data of the MPD for publicity, while the other members of the gang were against it.

We are not good guys, but even for us it was an overkill.said a former member of the group.

Following the data breach, the group split from the original administrator who formed the cybercrime forum Ramp, while the rest renamed the malware Babuk V2 and continue to encrypt victims’ files to this day.

Bleeping Computer also reports that the files now shared by one of the team members contain various Visual Studio projects for VMware ESXi, NAS and Windows encryption, as shown in the screenshot below.

Babuk ransomware source code

The Windows folder contains the complete malware source code, decoder code, and a private and public key generator.

Babuk ransomware source code

Emsisoft CTO and renowned information security expert Fabian Vosar, as well as researchers from McAfee Enterprise, have already confirmed to reporters that the leak is genuine. Vosar believes that this “leak” can help decipher the data of past victims of the ransomware, but so far the researchers are only verifying this information.

User Review
5 (1 vote)
Comments Rating 0 (0 reviews)

About the author

Emma Davis

I'm writer and content manager (a short time ago completed a bachelor degree in Marketing from the Gustavus Adolphus College). For now, I have a deep drive to study cyber security.

Leave a Reply