Babuk Locker was one of the most feared ransomware operations of early 2021. The attackers became known for targeting businesses and government organizations, stealing their data and demanding a ransom payment. Now, the source code of the malicious software used by this group of cybercriminals has been leaked online.
As reported by Bleeping Computer, a suspected member of the group posted the full source code of the Babuk ransomware on a Russian hacking forum. The author of the post claimed to be suffering from a terminal illness and said that, because of this, he had decided to publish the files with no restrictions on downloading them.
The folders contain several Visual Studio ransomware projects for VMware ESXi, NAS, and Windows. Also, as mentioned at the beginning, the files contain the full source code of the encryptor and decryptor for Microsoft operating systems and what appears to be a “keygen” for public and private keys.
Researchers from the cybersecurity companies Emsisoft and McAfee Enterprise have indicated that the Babuk ransomware leak appears legitimate. While the files can be used to decrypt the computers of past victims, they are also a risk, since they contain all the elements needed to carry out targeted attacks.
In fact, a Babuk ransomware generator had already been leaked on a download site in the past. Unfortunately, it was picked up by another group of cybercriminals, who mounted their own attack operation. They claimed victims in different parts of the world and extorted them in exchange for not publishing their files.
Babuk and the ransomware attack that sowed discord
Earlier this year, the Babuk cybercriminal group seemed unstoppable. They had targeted several companies with ransomware attacks, including Phone House. However, an attack on the Metropolitan Police Department in Washington DC exposed disagreements among its members.
The team administrator, as Bleeping Computer explained, wanted to leak the data stolen from the Washington police force, while the rest of the team was against it. However, the data was leaked and the members split into different groups.
On one side remained the original administrator of the Babuk cybercriminal group, who launched a cybercrime forum known as Ramp. The rest of the team released Babuk V2 and continued carrying out ransomware attacks.