The source code for the Paradise Ransomware has been released on the hacking forum XSS allowing threat actors to develop their own customized ransomware operation. The news of the availability of the source code was first reported by Tom Malka, a senior threat intelligence analyst for security firm Security, that reported it to BleepingComputer and The Record.
Malka compiled the source code and discovered that it creates three executables, the ransomware configuration builder, the encryptor, and a decryptor.
The analysis of the source code revealed the presence of comments in the Russian language that gives us an idea of the origin of the ransomware gang behind it.
Paradise Ransomware has been active since September 2017, its operators offer the malware with a Ransomware-as-a-Service (RaaS) model.
In October 2019, security experts at Emsisoft have developed a tool to decrypt files encrypted by the Paradise ransomware. The ransomware family encrypts files using Salsa20 and RSA-1024 and it appends several extensions to their filenames. The Paradise gang was very active until 2020, then its operations drastically dropped.
The availability of the source code online could allow other ransomware gangs to modify it and conduct their own campaigns.
Follow me on Twitter: @securityaffairs and Facebook
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, ransomware)
[adrotate banner=”5″]
[adrotate banner=”13″]
Google addressed a critical Chrome vulnerability, tracked as CVE-2024-4058, that resides in the ANGLE graphics…
Nation-state actor UAT4356 has been exploiting two zero-days in ASA and FTD firewalls since November…
A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute…
The Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned four Iranian nationals for their…
A cyber attack on Leicester City Council resulted in certain street lights remaining illuminated all…
The National Police Agency in South Korea warns that North Korea-linked threat actors are targeting…
This website uses cookies.