[MART] - Daily Diary #342 - Babuk Ransomware Source Code Published

CTAS-MAT ctas-mat at appgate.com
Mon Sep 6 20:49:31 UTC 2021


I hope everyone is doing well!

Below is the entry for today.

09/06/2021 - Diary entry #342:

Covered in many of our Daily Diaries, Babuk is a ransomware group that operates under the double-extortion business model, publishing its victims' data on its platform if the ransom is not paid. Babuk's wall of shame is a deep web site named Payload Bin, currently monitored by our team's Ransom Tracker.

Babuk is known for the attacks against Projekt Red and the Washington DC police department, in April 2021. On September 3rd, a threat actor leaked the source code for the Babuk ransomware on a Russian hacking forum.

Researchers stated that a Russian individual, who might be one of the developers of the Babuk ransomware, has been diagnosed with terminal cancer and decided to leak the complete source code for Windows, VMware ESXi - an enterprise-class system to deploy and manage virtual machines - and NAS (Network-Attached Storage).

Our team downloaded the leaked source code, which contains three versions, one for each system. Each one has the encryption and decryption source code written in C++, and the Windows version has the Builder responsible for building all of the versions. There is also a keygen executable tool, which is believed to be the private/public key generator used in the encryption/decryption process.

Kind Regards,



Felipe Tarijon de Almeida
Malware Analyst

E: felipe.tarijon at appgate.com
O: +55 11 97467 9549
