A builder for the Babuk Locker ransomware has leaked online, allowing anyone with little or no development experience to easily create an advanced version of the notorious encryptor.
The leaked Babuk Locker builder lets users create custom versions of the ransomware that can be used to encrypt files on the Windows platform. It also generates a decryptor for every encryptor it produces. Ransomware operators offer these decryptors to victims after they pay the ransom.
The leaked Babuk Locker builder comes two months after a high-profile attack on the Washington, DC police department in late April, following which the group announced that it was stopping its operations.
Having retired in May, the group has rebranded its website as Payload.bin and launched a third-party hosting service that other ransomware gangs can use for their leak sites.
The code of the leaked builder was revealed online this week. It became public when it was uploaded to the virus-scanning portal VirusTotal.
It is not clear how the builder leaked. The Babuk gang may have tried to sell the builder to a third party who then leaked it, or a competitor or a white-hat security researcher may have leaked it.
The file was first discovered and reported by Kevin Beaumont, a British security researcher.
The leak of the Babuk builder comes two weeks after the Paradise ransomware’s source code was shared on a public hacking forum.
The two incidents raise concerns about how cybercrime gangs will carry out their attacks in the future, since many up-and-coming cybercrime gangs can now adapt the two tools to their needs.
“Hopefully this can be used to drive research on detection and decryption,” Beaumont said earlier today in a tweet, referring to the fact that understanding how the Babuk strain works will help improve detection.
How the strain works was covered in great technical detail in the 73-page Capgemini report [PDF].