On Wednesday 27th of October 2021, Avast, a Czech cybersecurity software firm announced that they had released a free decryption tool for Babuk ransomware victims based on leaked source code and decryption keys. The decryptor is valid for victims who have had their files encrypted by the Babuk ransomware that used the following extensions: .babuk, .babyk, .doydo.
The source code for the ransomware that the Babuk gang uses was leaked on a Russian-speaking hacking forum in September by a threat actor who claimed to be a member of the Babuk ransomware group who was motivated to leak the source code by his terminal cancer condition.
The archive that contained the leaked source code included different Visual Studio projects for VMware ESXi, NAS, and Windows encryptors, and full source code for Windows encryptor, decryptor, and private and public key generators. Researchers also believe that the leak also included encryptors and decryptors compiled for specific victims of the ransomware gang.