{
	"id": "e78b3e82-5a0b-40b9-9874-ed2f0d1d03f4",
	"created_at": "2026-04-06T00:09:27.964021Z",
	"updated_at": "2026-04-10T03:21:12.509081Z",
	"deleted_at": null,
	"sha1_hash": "622521625f08ce4a2346ef274c4e5e7875e9415e",
	"title": "Babuk ransomware decryptor released to recover files for free",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 3118141,
	"plain_text": "Babuk ransomware decryptor released to recover files for free\r\nBy Sergiu Gatlan\r\nPublished: 2021-10-27 · Archived: 2026-04-05 14:08:43 UTC\r\nCzech cybersecurity software firm Avast has created and released a decryption tool to help Babuk ransomware victims\r\nrecover their files for free.\r\nAccording to Avast Threat Labs, the Babuk decryptor was created using leaked source code and decryption keys.\r\nThe free decryptor can be used by Babuk victims who had their files encrypted using the following extensions: .babuk,\r\n.babyk, .doydo.\r\nhttps://www.bleepingcomputer.com/news/security/babuk-ransomware-decryptor-released-to-recover-files-for-free/\r\nPage 1 of 5\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/babuk-ransomware-decryptor-released-to-recover-files-for-free/\r\nPage 2 of 5\n\nVisit Advertiser websiteGO TO PAGE\r\nBabuk ransomware victims can download the decryption tool from Avast's servers and decrypt entire partitions at once using\r\ninstructions displayed within the decryptor's user interface.\r\nFrom BleepingComputer's tests, this decryptor will likely work only for victims whose keys were leaked as part of the Babuk\r\nsource code dump.\r\nAvast Babuk decryptor (BleepingComputer)\r\nRansomware and decryption keys leak\r\nBabuk gang's full ransomware source code was leaked on a Russian-speaking hacking forum last month by a threat actor\r\nclaiming to be a member of the ransomware group.\r\nThe decision to leak the code was motivated by the alleged Babuk member by his terminal cancer condition. He said in his\r\nleak post that he decided to release the source code while they have to \"live like a human.\"\r\nThe shared archive contained different Visual Studio Babuk ransomware projects for VMware ESXi, NAS, and Windows\r\nencryptors, with the Windows folder contains the complete source code for the Windows encryptor, decryptor, and what\r\nlooked like private and public key generators.\r\nIncluded in the leak were also encryptors and decryptors compiled for specific victims of the ransomware gang.\r\nAfter the leak, Emsisoft CTO and ransomware expert Fabian Wosar told BleepingComputer that the source code is\r\nlegitimate and that the archive may also contain decryption keys for past victims.\r\nhttps://www.bleepingcomputer.com/news/security/babuk-ransomware-decryptor-released-to-recover-files-for-free/\r\nPage 3 of 5\n\nBabuk Windows encryptor source code (BleepingComputer)\r\nBabuk's troubled history\r\nBabuk Locker, also known as Babyk and Babuk, is a ransomware operation that launched at the beginning of 2021 when it\r\nstarted targeting businesses to steal and encrypt their data as part of double-extortion attacks.\r\nAfter their attack on the Washington DC's Metropolitan Police Department (MPD) they landed in U.S. law enforcement's\r\ncross hairs and claimed to have shut down their operation after beginning to feel the heat.\r\nAfter this attack, the gang's 'Admin' allegedly wanted to leak the stolen MPD data online for publicity, while the other\r\nmembers were against it.\r\nFollowing this, Babuk members splintered off, with the original admin launching the Ramp cybercrime forum and the others\r\nrelaunching the ransomware under the Babuk V2 name, continuing to target and encrypt victims ever since.\r\nRight after the Ramp cybercrime forum's launch, it was targeted by a series of DDoS attacks that eventually led to the site\r\nbecoming unusable.\r\nWhile the Babuk Admin blamed his former partners for third incident, the Babuk V2 team told BleepingComputer that they\r\nwere not behind the attacks.\r\nhttps://www.bleepingcomputer.com/news/security/babuk-ransomware-decryptor-released-to-recover-files-for-free/\r\nPage 4 of 5\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/babuk-ransomware-decryptor-released-to-recover-files-for-free/\r\nhttps://www.bleepingcomputer.com/news/security/babuk-ransomware-decryptor-released-to-recover-files-for-free/\r\nPage 5 of 5",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/babuk-ransomware-decryptor-released-to-recover-files-for-free/"
	],
	"report_names": [
		"babuk-ransomware-decryptor-released-to-recover-files-for-free"
	],
	"threat_actors": [],
	"ts_created_at": 1775434167,
	"ts_updated_at": 1775791272,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/622521625f08ce4a2346ef274c4e5e7875e9415e.pdf",
		"text": "https://archive.orkl.eu/622521625f08ce4a2346ef274c4e5e7875e9415e.txt",
		"img": "https://archive.orkl.eu/622521625f08ce4a2346ef274c4e5e7875e9415e.jpg"
	}
}