Complete source code of Babuk ransomware has been leaked on a Russian-speaking forum for hackers

September 10, 2021
source code leak Babuk ransomware dark web monitoring

Ransomware called Babuk Locker’s complete sources has recently been leaked by a threat actor. The incident has happened inside a Russian-speaking forum for hacking-related subjects. Launched around early 2021, Babuk Locker, also known as Babyk, has begun to victimise many businesses in double-extortion attacks to execute data theft and data encryption.

The ransomware group behind Babuk has claimed that their operations have been shut down right after the heat of their attacks against the Washinton DC’s Metropolitan Police Department or MPD has intensified. Though a subsequent relaunch of the ransomware called Babuk V2 has been executed by the same ransomware group, they are reported to be actively operating up to this day.

The leaked complete sourced code on a Russian-speaking forum for hackers.

A research security group has noticed that one of the members of the Babuk gang has published the entire source code for the said ransomware inside a Russian-speaking forum for hackers. The member is claiming to be bearing terminal cancer, so s/he concluded to release the complete source code while there’s still time to live.


complete source code ff Babuk ransomware leaked Russian forum image 1



Our team has redacted the link from the source code since it consists of all of the necessary items in creating executable ransomware. During our routine scans in our dark web operations, we discovered a Windows folder that holds the full source code for Windows decryptor, encryptor, and public and private key generator from the ransomware file.


complete source code of Babuk ransomware leaked Russian forum image 2


complete source code ff Babuk ransomware leaked Russian forum image 3



The leak appears to be authentic, as verified by other cybersecurity research groups. Moreover, this leak may also have some decryption keys for the gang’s previous victims. As a part of the Babuk ransomware gang’s encryption routine, it uses ECC or elliptic-curve cryptography. Although not yet confirmed, researchers have suspected that the leaked folder contains the curve files that could be the ECC decryption keys for all of the gang’s victims.

There are 15 folders with curve files that are suspected to be containing the decryption keys.


History of betrayal and backstabbing within Babuk Ransomware Group

The Babuk ransomware group has an unpleasant history of betrayal and backstabbing against each of its members, which has possibly caused the group’s separation. A significant report says that the Babuk group decided to split up right after the intensity of their attack versus the MPD or Washinton DC’s Metropolitan Police Department. An admin of the group has decided to leak the stolen data from MPD while other members are in contrast to that decision.

The original admins of the group have formed the Ramp cybercrime forum after the data leak attack. In contrast, the rest of the group has decided to launch the Babuk V2 to resuming ransomware attacks.


Just a few moments after the admins of Babuk has launched the Ramp cybercrime forum, they have been flooded with DDoS attacks, which made their new location dysfunctional. Though the Babuk V2 group has entirely denied being involved with the attacks, the admins remain firm to their allegations that their former partners are behind the attacks.

About the author

Leave a Reply