Paradise ransomware source code shared on hacker forum
The Paradise ransomware source code has been shared publicly and is available for download by all active members of XSS.is, a hacking forum used mostly by Russian-speaking hackers.
Security researcher Tom Malka downloaded the source code, compiled it, and confirmed that it builds three executables: a ransomware configurator, an encryptor, and a decryptor.
Comments in Russian are scattered throughout the source code, indicating that the author is a Russian speaker.
With the source code in hand, anyone can build their own customized ransomware. The configurable settings include the command-and-control server, the extension appended to encrypted files, and the contact email address shown to victims.
Once customization is complete, the attacker can build the ransomware and distribute it to victims.
Welcome to Paradise
The Paradise ransomware first appeared in September 2017, distributed through phishing emails carrying malicious IQY attachments. When the victim opens the attachment, the ransomware is downloaded and installed on the machine.
Many versions of Paradise have been released over time, because the first versions contained weaknesses that let security researchers decrypt files easily. Newer versions switched to RSA encryption, which made decryption much harder.
According to Michael Gillespie, who created the decryptor for the first version of Paradise, the ransomware exists in the following versions:
- Paradise - the original version, with weaknesses in its encryption
- Paradise .NET - a hardened .NET version that switches to the RSA encryption algorithm
- Paradise B29 - a variant that encrypts only the end of each file
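The B29 variant's tail-only encryption has a practical consequence for defenders: a whole-file entropy check can miss a file whose beginning is still readable. The following is an added example, not code from the article or from Paradise itself, that compares whole-file entropy with a per-chunk entropy profile over a constructed sample; the 4 KiB chunk size and the 7.5 bits/byte threshold are assumptions.

```python
# Added example (not from the article or the Paradise code base): the B29
# variant encrypts only the end of each file, so the per-chunk entropy
# profile, not the whole-file figure, is what reveals the damage.
import math
import random
from collections import Counter

CHUNK_SIZE = 4096    # bytes per entropy window (assumed)
HIGH_ENTROPY = 7.5   # bits/byte (assumed); encrypted or random data sits near 8.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input, 8.0 max)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def chunk_entropies(data: bytes, chunk_size: int = CHUNK_SIZE) -> list:
    """Entropy of each consecutive chunk, from head to tail."""
    return [shannon_entropy(data[i:i + chunk_size])
            for i in range(0, len(data), chunk_size)]


def analyze(data: bytes) -> dict:
    """Whole-file entropy versus the chunk profile of the same bytes."""
    profile = chunk_entropies(data)
    high = [e >= HIGH_ENTROPY for e in profile]
    tail_len = 0                      # high-entropy chunks at the very end
    while tail_len < len(high) and high[-1 - tail_len]:
        tail_len += 1
    whole = shannon_entropy(data)
    return {
        "whole_file_entropy": round(whole, 3),
        "whole_file_looks_encrypted": whole >= HIGH_ENTROPY,
        "high_entropy_tail_chunks": tail_len,
        # readable head followed by an encrypted tail: the B29 pattern
        "tail_encrypted": 0 < tail_len < len(profile) and not high[0],
    }


# Constructed sample: 64 KiB of repetitive text plus 8 KiB of seeded
# pseudo-random bytes standing in for a ciphertext tail (not real output).
PLAINTEXT = (b"The quick brown fox jumps over the lazy dog.\n" * 1500)[:65536]
TAIL_ENCRYPTED_FILE = PLAINTEXT + random.Random(2021).randbytes(8192)

if __name__ == "__main__":
    print("intact        ", analyze(PLAINTEXT))
    print("tail-encrypted", analyze(TAIL_ENCRYPTED_FILE))
```

On the constructed sample the whole-file entropy stays well below the threshold while the last two chunks are flagged, which is exactly the case a single whole-file measurement would miss.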
Paradise was heavily distributed between September 2017 and January 2020, then its activity dropped off abruptly; infections have been rare since.
Now that the source code has been shared publicly, Paradise may well make a comeback.