Avast released a free decryptor for Babuk ransomware

Researchers from cybersecurity firm Avast released a decryption tool for Babuk ransomware that allows victims to recover their files for free.

Cybersecurity firm Avast has released a decryption tool for Babuk ransomware that allows victims to recover their files for free. The decryptor was created using the leaked source code and decryption keys.

Babuk is a Russian ransomware, its source code was leaked, along with some of the decryption keys, in September 2021.

The Babuk Locker operators halted their operations at the end of April after the attack against the Washington, DC police department. Experts believe that the decision of the group to leave the ransomware practice could be the result of an operational error, it was a bad idea to threaten the US police department due to the information that it manages.

The ransomware gang broke into the Washington, D.C., Metropolitan Police Department, encrypted its files and demanded a $4 million ransom.

At the end of May, the Babuk ransomware operators rebranded their ransomware leak site into Payload.bin and started offering the opportunity to other gangs to use it to leak data stolen from their victims.

The security research group vx-underground said that a Russian youngster, who is believed to be one of the developers of the Babuk gang, has been diagnosed with terminal cancer and decided to leak the complete Babuk source code for Windows, ESXI, NAS.

Some members of the group gang relaunched the RaaS as Babuk V2.

Once encrypted files, Babuk appends one of the following extensions to the file name:

• .babuk
• .babyk
• .doydo

Avast released a free decryptor for the Babuk ransomware here.

Researchers from Bleeping Computer tested the decryptor and determined that it “will likely work only for victims whose keys were leaked as part of the Babuk source code dump.”

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, cybercrime)

[adrotate banner=”5″]

[adrotate banner=”13″]