fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Babuk Ransomware’s Full Source Code Leaked on Hacker Forum

Babuk Ransomware’s Full Source Code Leaked on Hacker Forum

A threat actor has leaked the complete source code for the Babuk ransomware on a Russian-speaking hacking forum.

Babuk Locker, also known internally as Babyk, is a ransomware operation launched at the beginning of 2021 when it began targeting businesses to steal and encrypt their data in double-extortion attacks.

After attacking the Washinton DC’s Metropolitan Police Department (MPD) and feeling the heat from U.S. law enforcement, the ransomware gang claimed to have shut down their operation.

However, members of the same group splintered off to relaunch the ransomware as Babuk V2, where they continue to encrypt victims to this day.

Also Read: 4 easy guides to data breach assessment

Source code released on a hacking forum

As first noticed by security research group vx-underground, an alleged member of the Babuk group released the full source code for their ransomware on a popular Russian-speaking hacking forum.

This member claimed to be suffering from terminal cancer and decided to release the source code while they have to “live like a human.”

A translated forum post on a hacking forum
Original post in Russian

As the leak contains everything a threat actor needs to create a functional ransomware executable, BleepingComputer has redacted the links to the source code.

The shared file contains different Visual Studio Babuk ransomware projects for VMware ESXi, NAS, and Windows encryptors, as shown below.

ESXi, NAS, and Windows Babuk ransomware source code

The Windows folder contains the complete source code for the Windows encryptor, decryptor, and what appears to be a private and public key generator.

Babuk Windows encryptor source code

For example, the source code for the encryption routine in the Windows encryptor can be seen  below.

Babuk encryption routine source code

Emsisoft CTO and ransomware expert Fabian Wosar and researchres from McAfee Enterprise have both told BleepingComputer that the leak appears legitimate. Wosar also stated that the leak may contain decryption keys for past victims.

abuk ransomware uses elliptic-curve cryptography (ECC) as part of its encryption routine. Included in the leak are folders containing encryptors and decryptors compiled for specific victims of the ransomware gang.

Wosar told BleepingComputer that these folders also contain curve files that could be the ECC decryption keys for these victims, but this has not been confirmed yet.

ECC curve file for Babuk victim

In total, there are 15 folders with curve files containing possible decryption keys.

Of tales of betrayal and backstabbing

Babuk Locker has a sordid and public history involving betrayal and backstabbing that led to the group splintering.

BleepingComputer has learned from one of the Babuk ransomware gang members that the group splintered after the attack on the Washinton DC’s Metropolitan Police Department (MPD).

After the attack, the ‘Admin’ allegedly wanted to leak the MPD data for publicity, while the other gang members were against it. 

“We’re not good guys, but even for us it was too much. )” – Babuk threat actor

After the data leak, the group splintered with the original Admin forming the Ramp cybercrime forum and the rest launching Babuk V2, where they continue to perform ransomware attacks.

Soon after the Admin launched the Ramp cybercrime forum, it suffered a series of DDoS attacks to make the new site unusable. The Admin blamed his former partners for these attacks, while the Babuk V2 team told BleepingComputer that they were not responsible.

“We completely forgot about the old Admin. We are not interested in his forum,” the threat actors told BleepingComputer.

To add to the group’s controversy, a Babuk ransomware builder was leaked on a file-sharing site and was used by another group to launch their own ransomware operation.

It appears that Babuk is not alone with stories of backstabbing and betrayals.

Also Read: 7 Client Data Protection Tips to Keep Customers Safe

After Wosar setup up a Jabber account for threat actors to contact him, he tweeted that he has received intel from threat actors who feel “wronged” by their partners and decided to leak information in revenge.

Wosar has told BleepingComputer that he has been able to use this intelligence to prevent ongoing ransomware attacks.

Update 9/3/21: McAfee Enterprise also confirmed that the source code is legitimate.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us