A hacker with terminal lung cancer decided to live his last days as a “human” – so he published the source code for the ransomware

Part of the source code for Papoc Source: BleepingComputer

It is not uncommon to find on hacker forums bragging about hacking, offers to sell stolen or 0 day databases, any new security breaches that have not yet been fixed. But this time, the ransomware source code posted on the forum, and the circumstances that led to it – are a bit rare.

Everything leaked before the end

A member of the hacker team that developed ransomware Babuk (also known as Babyk) posted on a Russian-language hacker forum earlier this month, revealing the source code for the software he developed and used in several attacks in the past year. As part of the unpacking, the same hacker released a number of projects in VisualStudio for the program, which he participated in creating – designed for VMWare ESXi, Windows and NAS environments. In the “Windows” folder posted by the hacker, there are all the necessary files that need to be validated in order to create a file that encrypts files that will be stolen as part of an attack; file to open encryption; and keygen to generate a public and private encryption key for stolen files. Examination of the leaked files further revealed that they contained encryption files and encryption keys that the group created to obtain information it had stolen from its previous victims.


Did you like the article? There are many such articles waiting for you

Did you like the article? There are many such articles waiting for you
On the Gikteam channel in Telegram

The hacker posted a link to what could be better defined as the “Basic Hackers Toolkit” that wants to use the software to carry out dual ransomware attacks, allowing the attacker to steal information first from companies that demand payment – and if they don’t, pay them dearly. If this sounds familiar to you, it is because it is an attack that has become very common – and many bodies in Israel have already suffered from one of them, the most famous of which is the insurance company Shirbit.

Source code and hacking tools

Screenshot from the forum. Source: vx-underground

According to security researchers from vx-underground, who first discovered the post, the hacker is a 17-year-old boy from Russia who is part of the founding team of Babuk. He says the reason the source code and tools are exposed is that he won’t last long and that he wants to live his last days “as a human”. However, it is not inconceivable that these were love struggles, control over former partners and an attempt to harm the opposing team. According to Bleeping Computer, the group of which the hacker was a member, and now all its source code and most important files are exposed on the web, after carrying out an attack using Papoc on the computers of the US police station. The team split into two competing teams: Babuk V2 and Ramp.


Oshri Alexelci

Neighborhood freak friendly. Do you have a technology story? Talk to me: [email protected]