Showing results for tags 'ransomware'.
Found 66 results

  1. In an unprecedented move, Russia's Federal Security Service (FSB), the country's principal security agency, on Friday disclosed that it arrested several members belonging to the notorious REvil ransomware gang and neutralized its operations. The surprise takedown, which it said was carried out at the request of the U.S. authorities, saw the law enforcement agency conduct raids at 25 addresses in the cities of Moscow, St. Petersburg, Moscow, Leningrad and Lipetsk regions that belonged to 14 suspected members of the organized cybercrime syndicate. "In order to implement the criminal plan, these persons developed malicious software, organized the theft of funds from the bank accounts of foreign citizens and their cashing, including through the purchase of expensive goods on the Internet," the FSB said in a statement. In addition, the FSB seized over 426 million rubles, including in cryptocurrency, $600,000, €500,000, as well as computer equipment, crypto wallets used to commit crimes, and 20 luxury cars that were purchased with money obtained by illicit means. One of the most active ransomware crews last year, REvil took responsibility for high-profile attacks against JBS and Kaseya, among a string of several others. The U.S. government told Reuters that one of the arrested individuals was also behind the ransomware attack on Colonial Pipeline in May 2021, once again confirming REvil's connections to a second collective called DarkSide. The group formally closed shop in October 2021 after the U.S. intervened to take its network of dark web servers offline. The next month, law enforcement authorities announced the arrest of seven individuals for their roles as affiliates of the REvil ransomware family, even as the U.S. charged a 22-year-old Ukrainian citizen linked to the ransomware gang for orchestrating the Kaseya ransomware attack. 
    All those detained have been charged with "illegal circulation of means of payment," a criminal offense punishable by up to six years in prison. The suspects weren't named, but Reuters noted that a Moscow court identified two of the men as Roman Muromsky and Andrei Bessonov. The crackdown also comes as threat actors likely affiliated with Russian secret services crippled much of the Ukrainian government's public-facing digital infrastructure, in addition to defacing some of them with messages that alleged people's personal data had been made public and that the information stored in the servers was being destroyed. It remains to be seen what impact the arrests will have on the larger ransomware ecosystem, which has by and large continued to flourish despite a number of law enforcement actions, partly driven by Russia's willingness to look the other way when it comes to harboring cybercriminals in the country, effectively allowing the bad actors to operate with impunity. "While we are still looking to understand the true impact of these arrests, we applaud the Russian government for the actions it took today with regard to the REvil criminal ransomware group," Matt Olney, director of threat intelligence and interdiction at Cisco Talos, told The Hacker News. "It's important that criminal cyber actors and organizations not be allowed to operate with impunity. And so any result that leads to degrading of their capabilities is undoubtedly a good thing." Source
  2. Why should I care?
    RPC is the underlying mechanism which is used for numerous lateral movement techniques, reconnaissance, relay attacks, or simply to exploit vulnerable RPC services. DCSync attack? over RPC. Remote DCOM? over RPC. WMIC? over RPC. SharpHound? over RPC. PetitPotam? over RPC. PsExec? over RPC. ZeroLogon? over RPC… well, you get the idea.

    What is it used for?
    Install the RPC Firewall and configure it to audit all remote RPC calls. Once executing any remote attack tools, you will see which RPC UUIDs and Opnums were called remotely.

    Remote RPC Attacks Detection
    When the RPC Firewall is configured to audit, it writes events to the Windows Event Log. Forward this log to your SIEM, and use it to create baselines of remote RPC traffic for your servers. Once an abnormal RPC call is audited, use it to trigger an alert for your SOC team.

    Remote RPC Attacks Protection
    The RPC Firewall can be configured to block & audit only potentially malicious RPC calls. All other RPC calls are not audited to reduce noise and improve performance. Once a potentially malicious RPC call is detected, it is blocked and audited. This could be used to alert your SOC team, while keeping your servers protected.

    What are the RPC Firewall Components?
    It is made up of 3 components:
    • RpcFwManager.exe – In charge of managing the RPC Firewall.
    • RpcFirewall.dll – Injected DLL which performs the audit & filtering of RPC calls.
    • RpcMessages.dll – A common library for sharing functions, and logic that writes data into Windows Event Viewer.

    Changelog v1.0.3
    • Event Log changed to “RPCFW”
    • Event Log size is now 2MB
    • C++ Refactoring
    • Code is signed, resolves #9
  3. rpcfirewall: Open Source Ransomware Kill Switch Tool

    Why should I care?
    RPC is the underlying mechanism which is used for numerous lateral movement techniques, reconnaissance, relay attacks, or simply to exploit vulnerable RPC services. DCSync attack? over RPC. Remote DCOM? over RPC. WMIC? over RPC. SharpHound? over RPC. PetitPotam? over RPC. PsExec? over RPC. ZeroLogon? over RPC… well, you get the idea.

    What is it used for?

    Research
    Install the RPC Firewall and configure it to audit all remote RPC calls. Once executing any remote attack tools, you will see which RPC UUIDs and Opnums were called remotely.

    Remote RPC Attacks Detection
    When the RPC Firewall is configured to audit, it writes events to the Windows Event Log. Forward this log to your SIEM, and use it to create baselines of remote RPC traffic for your servers. Once an abnormal RPC call is audited, use it to trigger an alert for your SOC team.

    Remote RPC Attacks Protection
    The RPC Firewall can be configured to block & audit only potentially malicious RPC calls. All other RPC calls are not audited to reduce noise and improve performance. Once a potentially malicious RPC call is detected, it is blocked and audited. This could be used to alert your SOC team, while keeping your servers protected.

    What are the RPC Firewall Components?
    It is made up of 3 components:
    • RpcFwManager.exe – In charge of managing the RPC Firewall.
    • RpcFirewall.dll – Injected DLL which performs the audit & filtering of RPC calls.
    • RpcMessages.dll – A common library for sharing functions, and logic that writes data into Windows Event Viewer.
  4. Ransomware Decryption Tools

    Hit by ransomware? Don’t pay the ransom! Our ransomware decryption tools can help decrypt files encrypted by the following forms of ransomware. Just click a name to see the signs of infection and get our free fix.
    • AES_NI
    • Alcatraz Locker
    • Apocalypse
    • AtomSilo & LockFile
    • Babuk
    • BadBlock
    • Bart
    • BigBobRoss
    • BTCWare
    • Crypt888
    • CryptoMix (Offline)
    • CrySiS
    • EncrypTile
    • FindZip
    • Fonix
    • GandCrab
    • Globe
    • HiddenTear
    • Jigsaw
    • LambdaLocker
    • Legion
    • NoobCrypt
    • Stampado
    • SZFLocker
    • TeslaCrypt
    • Troldesh / Shade
    • XData
  5. Avast Ransomware Decryption Tools – contains all 20 available ransomware decrypters available from Avast. Currently, Avast has free tools to unlock (decrypt) computers infected with the following ransomware.
    • AES_NI
    • Alcatraz Locker
    • Apocalypse
    • BadBlock
    • Bart
    • BTCWare
    • Crypt888
    • CryptoMix (Offline)
    • CrySiS
    • EncrypTile
    • FindZip
    • Globe
    • HiddenTear
    • Jigsaw
    • Legion
    • NoobCrypt
    • Stampado
    • SZFLocker
    • TeslaCrypt
    • XData
  7. Leaked source code of the Babuk ransomware by VXUG. Use for educational purposes only.
  8. An open-source ransomware tool written in .NET. Disclaimer: The tool is intended for research and threat emulation purposes only. I'm not responsible for any malicious uses of this tool.
  9. ONLY FOR EDUCATIONAL PURPOSES
  10. Fully functional ransomware that uses minimum resources to give maximum output.

    TASK LIST
    • Encrypt all files except system specific ones
    • Encryption must only be decrypted with a special key
    • Send the credentials of the victim to the attacker via secure tunnel, preferably NGROK
    • Pop up box should appear after encryption asking for ransom
    • Create a server to retrieve information sent by the victim
    • Add custom extension to encrypted files
    • Generate an exe file to be sent to victims
    • Graphical User Interface (Victim side)
    • Graphical User Interface (Attacker side)
    • Create Windows Defender bypass script
  11. **only for educational purpose**
  12. Big Data

    Reverse Engineering Ransomware

    Description
    The aim of this course is to provide a practical approach to analyzing ransomware. Working with real world samples of increasing difficulty, we will: deep dive into identifying the encryption techniques, navigate through various evasion tricks used by malware writers, have fun discovering flaws in their logic or the implementation, and work out automated ways to recover the affected files. If you're already familiar with the basics and want to dive straight into advanced samples, navigate anti-virtualisation and anti-analysis tricks, and write C and Python decryptors for custom crypto algorithms, please check out our Advanced Reverse Engineering Ransomware course!

    Requirements
    • Basic programming knowledge
    • A computer that can run a Windows virtual machine.
    • An interest in disassembling things and understanding how they work!
    • Patience and perseverance to “try harder”.

    Who this course is for:
    • Security testers
    • Malware analysts
    • Forensics investigators
    • System administrators
    • Information security students
    • Anyone interested in ransomware and malware analysis
  13. Source Code of Jigsaw Ransomware, created in VB.NET. Warning: This project is for education purposes only, I'm not responsible for any damage or harm.
  14. Crypto Ransomware. Warning: This project is for education purposes only, I'm not responsible for any damage or harm.

    Function
    1.) Encrypt your data
    2.) Show fake Windows update screen during encrypting your data
    3.) Kill Task Manager and Explorer.exe
    4.) Lock your computer
    5.) Delete itself after completing all tasks
  15. Open source ransomware with advanced features. It is also compatible with offline victims.

    Description
    Nopyfy-Ransomware is open source ransomware. You can download its source code from above. It is similar to hidden-tear ransomware, but Nopyfy is a highly upgraded version of hidden tear. It has more features than hidden tear and is also very easy to use, because all the things the user can fill in are in one place; Nopyfy also prevents victim data loss by encrypting and saving it locally when the user is offline during the attack. Nopyfy uses the symmetric AES algorithm to encrypt files. Nopyfy is very easy to use, try it.

    Features that you will use
    • Ransomware size is only 22kb
    • AES algorithm to encrypt files
    • Send encryption key by PHP, SMTP, FTP
    • Save locally encrypted victim data with name user-id
    • Password will be encrypted by your entered password
    • Get password with user-id if user offline during attack (using Nopyfy-information-decrypter)
    • Save generated victim data in your databases
    • All information is sent if there is an internet connection, and the ransomware waits for it if there isn't.
    • You can see victim data by web panel, mail, FTP and result.txt (automatically created file in file-manager), and also in MySQL database
    • It can encrypt up to 68 file types
    • It now encrypts a wider variety of file types, has a changing desktop wallpaper, and also creates a READ_IT.txt file with information and user-id and saves it in many locations
    • Nopyfy decrypter gives a message whether files are decrypted or not
    • Nopyfy decrypter changes desktop background after successful decryption
    • By user-id, you will be able to get victim information (encryption key, IP, time, username and PC name, etc.) by Nopyfy-information-decrypter

    Features of Nopyfy for getting victim data
    • PHP web server (only PHP version 5.6 is supported)
    • SMTP mail
    • FTP server (encrypted form)
    • Save locally (with encrypted password and victim data)

    Legal Warning for Users
    While this may be helpful for some, there are significant risks. Nopyfy may be used only for educational purposes. Do not use it as ransomware! You could go to jail on obstruction of justice charges just for running Nopyfy, even though you are innocent. I am not responsible for any crime done by Nopyfy-Ransomware-source-code.
  16. itsMe

    Delphi Ransomware

    Delphi Ransomware Source by NULL
  17. Disclaimer: The author is not responsible for any issues or damage caused by this program.

    Features
    User can customize:
    • app_icon - custom icon application
    • app_name - custom name application
    • alert_title - custom alert title
    • alert_desc - custom alert description
    • key_pass - custom key for unlock devices
  18. TRY ON VM ONLY. Ryuk .Net Ransomware overwrites all files on the computer (it means nobody can ever return files back) and makes it at least 2 times faster than other ransomware. It drops read_it.txt for the startup folder and all folders whose files have been encrypted. This project depends on your donation. Please donate if you want to see next releases in the future. This ransomware can change file extension randomized or you can type your own extension. Write your own message and victim will see only that note. readme.txt will be dropped on every folder whose files have been encrypted. Encrypted File seems like this
  19. Why
    We see ransomware delete all shadow copies using vssadmin pretty often. What if we could just intercept that request and kill the invoking process? Let’s try to create a simple vaccine.

    Raccine 1.4.4
    • fix broken installer
  20. itsMe

    PHP Ransomware

    PHP ransomware that encrypts your files, as well as file and directory names. Ransomware is set to start encrypting files and directories from the server's web root directory and only inside the server's web root directory. Ransomware will self-destruct upon running, which means you only have one chance at decrypting your data. Keep also in mind that each decryption file has a uniquely generated salt used in encryption and as such cannot be replaced with another decryption file. Tested on XAMPP for Windows v7.4.3 (64-bit) with PHP v7.4.3. Made for educational purposes. I hope it will help! IMPORTANT!: Please DO NOT use this ransomware for illegal purposes! I have no liability over your actions!
  21. Nitro Ransomware - Proof of Concept. Uses Discord Nitro gift subscription as ransom. C# ransomware for educational purposes only.

    Features
    • AES Encryption/Decryption
    • Adds to startup registry
    • Grabs user's PC username, name, and uuid
    • Discord Nitro Checker
    • Token Grabber
    • IP Grabber
    • Discord Webhook Logs
  23. Please read
    This project was made to demonstrate how easy ransomware is to make and how it works. The script works on Windows, Linux and MacOS. It is recommended to compile payload.py to EXE format to make it more portable. I do work on security awareness trainings and test the IT security and safety for other companies and you guessed it; this was made for the demo section of my presentation, NOT TO EARN MONEY OR BRICK PEOPLE'S COMPUTERS. This script does not get detected by any antiviruses. Self-made scripts go undetected 99% of the time. It's easy to write something nasty like ransomware, adware, malware, you name it. Again, this script was for research only. Not meant to be used in the open world. I am not responsible for any damage you may cause with this knowledge. I recommend using a VPN that allows port forwarding (for example, PIA VPN) when using this outside your network, or better, a cloud computer hosted elsewhere, like Amazon AWS. The conclusion of this project is that it is easy to brick a system and earn money doing it. This script doesn't use any exploits to achieve its goal, but they can easily be coded into it as a nice feature.

    Features
    • Generate a ransomware payload
    • With or without GUI payload
    • FUD (Fully Undetectable by Anti-Virus)
    • Works on Windows, MacOS and Linux
    • Super fast encryption with PyCrypto
    • Compile to EXE, APP or Unix/Linux executable
    • Custom icon for your EXE payload
    • Receive keys of victims
    • Decrypt files
    • Demo mode (payload won't encrypt anything)
    • Fullscreen mode (warning takes over the screen)
    • Custom warning message for your victim
    • Custom image in your payload
    • Ghost mode (rename by adding .DEMON extension instead of encrypting the files)
    • Multiple encryption methods
    • Select file extensions to target
    • Decide if payload should self-destruct (console mode feature only)
    • Decide which drive to target for encryption (working directory)
    • Verified server access through port forwarding VPN
    • Encode payload as Morse code
  24. K7 Scanner for Ransomware & BOTs – comes with an award-winning Antivirus scanner that runs in parallel with any Antivirus software currently installed on your PC. Its Deep Scanning technology eliminates high risk BOTs and Ransomware.

    Features
    • Scans and removes high risk BOTs and Ransomware (including WannaCry)
    • Runs seamlessly with your existing Anti-Virus application
    • No installation required. Can be run from a USB drive
  25. With this project we will be able to handle the data of the victims we obtain with Baphomet Ransomware. BaphoDashBoard is developed in C# under framework dotnet-core 3.1. Both Baphomet Ransomware and BaphoDashBoard projects are thrown out for educational purposes and so we can get something out of it to learn new things.

    DashBoard features
    • Generate .exe to encrypt data.
    • Generate .exe to decrypt data.
    • When we generate the ransomware, we keep the RSA keys that encrypt the symmetric key in charge of encrypting the files.
    • Location of each victim shown on map.
    • Graphics for better visualization.
    • We can obtain the data of all our hosting servers.
    • Handling of each baphomet.exe that we generate.
    • Victims details and more using web scraping.

    Requirements
    • Dotnet core 3.1 SDK & RunTime download link: [Hidden Content]

    Operating systems tested to date to run Bapho-Dashboard
    • Windows 10
    • Mac OS Mojave

    Warning! I Am Not Responsible of any Illegal Use