Secret or private information may be leaked to an external attacker through the timing behaviour of the system running the untrusted code. We present a transformation technique for preventing timing leaks in finite-state probabilistic systems while preserving the semantics of the original system. The transformation involves the introduction of new "padded" control paths for patching time leaks and attempts to minimise the resulting additional running time overhead. Contrary to previous similar proposals, our padding technique is probabilistic in the sense that the transformation algorithm introduces time leak fixes only with a certain probability whenever they appear to be necessary. The resulting processes are therefore not always perfectly secure; we can nevertheless provide an estimate of their vulnerability by recording and accumulating the probabilities of the applied patches. This allows us to optimise the trade-off between vulnerability against timing attacks and additional costs such as running time, system size, etc.