29 June 2021

Builder for Babuk Loker ransomware leaks online


Builder for Babuk Loker ransomware leaks online

Less than two weeks after the source code for the Paradise ransomware was released on the Russian-speaking hacker forum XSS, security researchers noticed that a builder for the infamous Babuk Loker ransomware leaked online prompting concern that cybercriminals could use it to develop their own ransomware strains.

The news was first reported by the news website The Record that obtained and tested a copy of the Babuk Locker “builder”. The builder allows to create custom versions of the Babuk Locker ransomware that can be used to encrypt files hosted on Windows systems, ARM-based network storage attached (NAS) devices, and VMWare ESXi servers. It also generates a decryptor for recovering encrypted files for every Babuk encrypter generated through the app.

The builder was uploaded on the VirusTotal malware scanning service and was discovered by British cybersecurity researcher Kevin Beaumont.

At the moment, it’s unclear if the cybercriminals behind the Babuk Loker ransomware tried to sell their ransomware builder to a third party in a transaction that went bad, or if the builder was leaked by a rival or a white-hat security researcher, The Record wrote.

In April this year, the Babuk Loker ransomware gang breached servers of the Metropolitan Police Department, also known as the DC Police or MPD, encrypted files and demanded a $4 million ransom. At the time, the group claimed to have stolen more than 250 gigabytes of data from MPD, including data on informants and police personnel.

In May, the group rebranded their ransomware leak site into Payload.bin and started offering it to other gangs to use it as a platform for publishing data stolen from their victims.

Back to the list

Latest Posts

Free VPN apps on Google Play turned Android devices into residential proxies

Free VPN apps on Google Play turned Android devices into residential proxies

The threat actor behind this scheme profits by selling access to the residential proxy network to third parties.
28 March 2024
Cyber spies strike Indian government and energy sectors

Cyber spies strike Indian government and energy sectors

The operation involved phishing emails delivering the HackBrowserData info-stealer.
28 March 2024
Spyware makers and state-backed hackers are primary culprits behind rise in zero-day exploits, Google says

Spyware makers and state-backed hackers are primary culprits behind rise in zero-day exploits, Google says

97 zero-day flaws were exploited in-the-wild in 2023, marking an increase of over 50% compared to 2022.
27 March 2024