Search the Community

Showing results for tags 'ransomware'.

Found 32 results

  1. A Ransomware and Ransomware Builder for Windows written purely in Python Created for security researchers, enthusiasts and educators, Crypter allows you to experience ransomware first hand. The newly released v3.0 is a complete overhaul that drastically simplifies setup and brings the package up-to-date to work with Python 3.6 and above. Crypter - Python3 based builder and ransomware compiled to Windows executable using PyInstaller What's New? (v3.0) Decryption key validation check before attempting decryption Overhaul to support Python 3.6 and above Drastically simplified dependency installation Crypter - 3.4 Released this on 6 May Numerous fixes and improvements [hide][Hidden Content]]
  2. shahg

    Stampado ransomware

    Hi, does anyone have Stampado ransomware? Kindly share it. Thx
  3. DeathRansom - A Ransomware Developed In Python, With Bypass Technics, For Educational Purposes What is a ransomware? A ransomware is malware that encrypts all your files and shows a ransom request, which tells you to pay a set amount, usually in bitcoins (BTC), in a set time to decrypt your files, or he will delete your files. How it works? First, the script checks if it's in a sandbox, debugger, vm, etc, and try bypass it. It then encrypts all files starting with the defined directory on the line 60 in Then, downloads the ransom request script, disable cmd, taskmanager and the registry tools. And starts the counter to delete the files. Bypass Technics Anti-Disassembly Creates several variables to try to make disassembly difficult. Anti-Debugger Checks if a debugger is active using the ctypes function: windll.kernel32.IsDebuggerPresent() Anti-Vm Checks if the machine's mac is the same as the standard vms mac. Anti-Sandbox Sleep-Acceleration Some sandboxes speed up sleep, this function checks if nothing out of the ordinary has occurred. Sandbox in Process Checks if have any sandbox in running processes Display-Prompt Shows a message, if the user interact with the pop up, the malware will be executed. Idle-Time Sleeps for a while and proceed. Some sandboxes wait for a while and stop running, that tries to bypass this. Check-Click If the user does not click the number of times necessary the malware not will be executed. Check-Cursor-Pos If the user not move the mouse in a seted time the malware not be executed. [HIDE][Hidden Content]]
  4. Ransomware Defender Scans, Detects and Protects from Ransomware Malicious Attempts! Overview ShieldApps’ Ransomware Defender deals with known ransomware in a way no other solution can. Specially designed for detecting and blocking ransomware prior to any damage, Ransomware Defender blacklists and stops both common and unique ransomware. Once installed, Ransomware Defender stands guard 24/7 utilizing active protection algorithms enhanced with user-friendly alerts and notifications system. Ransomware Defender is fully automated, taking care of all threats via an advanced Scan > Detect > Lock Down mechanism that proactively stands guard to detected threats, and works alongside all main antiviruses and anti-malware products! Ransomware Defender also features a scheduled automatic scan, secured file eraser, lifetime updates and support! NEW! – added protection from online threats! Ransomware Defender will block malicious websites and online scripts from attacking your computer. [Hidden Content] [HIDE][Hidden Content]]
  5. What is nodeCrypto? nodeCrypt is a Linux ransomware written in NodeJs that encrypts predefined files. This project was created for educational purposes; you are solely responsible for the use of nodeCrypto. To Do GUI exe creator Edit basic variable Export cross-platform Client (victim) Encrypt webserver Use private key for encryption Adapt SSL Server Recover data (user + encrypted file) Format the database Make GUI for webserver Make an executable to decrypt the files (Only on request! Contact me) [HIDE][Hidden Content]]
  6. Verci Spy System RAT | Ransomware | NSA Exploits | UAC | Spread Verci Spy System OR Verci_Spy_System This Tool Was Designed By US,This Tool is a Remote Access Trojan That you can Take over any Windows machine into your control and can do many things within that infected PC , also the infected PC will have a virus that will spread rapidly within usb-sticks and make other safe PCs infected too , by inserting the usb into it and click any of the shortcuts and so on . That Tool was designed for some educational purposes and some testing for PC security and we are not responsible for any illegal use for it , this tool also designed for a Better Hacking Visual Effects , that can deliver you a feeling of real hacker , you can use it within hacking movies , and have some animations and a localization map for detecting victims allover the world ,and Verci Wasn`t Cracked after it`s trial version was release , but the installer wasn`t cracked before , also Our XPR Tool , but we will not going into same mistake and not release any trial version for free . 
and this is program options that you can do with the infected PC and you took control on it : 1-UAC (User Access Control) Manager (Enable or Disable) 2-Open remote Webcam / Microphone 3-Control Remote Desktop 4-File Manager Controller 5-Process Manager 6-Regedit Controller 7-Services Manager 8-Devices & Printers Viewer 9-Active Windows Manager 10-View Remote WiFi Networks 11-View Saved WIFI Passwords 12-Ransomwares [ You Have 2 Ransomwares] (Try anyone you wish) 13-WiFi Hotspot Creator [Use any other device to check the Hotspot] 14-Lan Computer Manager [Lan Spread (Premium Only)] 15-Network Connections/Drivers Manager 16-Scan Remote websites ports 17-Scan Lan network devices ports 18-Manage installed Programs 19-Unmovable chat system 20-Clipboard Manager [Images & Text] (Set & Get Clipboard) 21-Remote Command prompt 22-Code Compiler 23-Saved Password Stealer (Updated) 24-Remote Keylogger (Offline/Online) 25-DDOS Attack Manager / Http Flooder 26-Full Computer information Manager 27-(Installed Pyhton Scripts) a) This Option allow you to install Sqlmap Script in Client PC and Hack any infected sites using it _By this way Client PC will be saved in site logs not your PC 28-Run File (From Disk/Url) 29-Open Url (Default Browser)[Or](Any Browser) 30-Automatic Victim Transfer Option [Transfer to any host or external IP] 31- NoIP Updater 32-Ransomware Builder [Build own Ransomware with your own Bitcoin] 33-Notify With Client Webcam image 34-Spam options : a) You can open fake Facebook login page in Client PC and grab passwords in keylogger b) You can open fake Paypal login page in Client PC and grab passwords in keylogger c) You can open fake Visa card number confirmation page in Client PC and grab information in keylogger 36-Auto Share Client Drivers over Lan Ransomware Builder Manager : This is the scheme of Ransomware *) Generate Random password of 15 random chosen Characters *) Start Encrypting all files exist in user Directory using the password *) Kills explorer.exe 
*) Kills Microsoft.Exchange *) Kills MSExchange *) Kills sqlserver.exe *) Kills sqlwriter.exe *) Kills mysqld.exe *) Delete all Shadow copies *) Usb spread (shortcut)[.lnk] *) Keep loop to Encrypt all files exist in other Drives using the password Available Trojans : 2 Trojans - 2 Downloaders: a) Full Control (Size : 400 Kilobytes) b)Worm Control (Size : 170 Kilobytes) c).exe Downloader (Size : 11 Kilobytes) d).vbs Downloader (Size : 909 Bytes) Preview Image 1 : You can now Enter Free Port You Choose Manual and Click Ok Preview Image 2 : Fast Look To Exit FullScreen Press "Click To Restore" Downloads: [Hidden Content]
  7. dEEpEst

    pycryptor Ransomware

    pycryptor A short, sweet, PoC Python Ransomware (+A file vault for protecting the users files) using Advanced Encryption Standards. The program uses the AES-GCM-256 for its work. [Hide][Hidden Content]]
  8. dEEpEst

    Mock Ransomware

    "# mock-ransomware" Release\ransomware.exe Go to test folder, notice the permission changes, change them back to see the encrypted text Delete copied malware inside of \\Users\\<name>\\ransomwaredirectory open up regedit to also delete persistent keys reg DELETE HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v ransomware_pwn /f The operation completed successfully. reg QUERY HKCU\Software\Microsoft\Windows\CurrentVersion\Run to verify To view the driver installed C:\> sc query MyCustomBeep SERVICE_NAME: MyCustomBeep TYPE : 1 KERNEL_DRIVER STATE : 1 STOPPED WIN32_EXIT_CODE : 1077 (0x435) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : [Hide][Hidden Content]]
  9. "According to the figures provided by KasperskyLab, the increase in new ransomware threats has intensified to almost double." 7,620 - 2018 - Ransomware threats 16,017 - 2019 - Ransomware threats The same goes for the number of users infected (victims) by ransomware. 158.921 users affected in 2018 230.000 users affected in 2019 13 tips to avoid infection Back up your information regularly. It is recommended to keep copies of your information on media such as the cloud and on physical media, such as USB sticks and portable hard drives. Keep the operating system updated to the latest version. Have antivirus software with anti-ransomware features. Increase the security of your mobile devices such as smartphones and tablets. In 2017 Google removed more than 700,000 malicious applications from the PlayStore. If possible, add anti-malware extensions to your browsers. Keep your antivirus up to date. Set up security filters on e-mail, corporate or not. Do not download files of any kind from untrusted or unofficial sources. Have a repertoire of anti-ransomware tools, because there are tools specific to one type of ransomware. Prepare a response plan and, if necessary, train your employees or network users, as well as your family. Run periodic scans for threats on your machines. Do not pay the ransom. In many cases, users have paid the ransom and recovered neither their information nor their machines. Use common sense and do not click on everything you see. Source
  10. dEEpEst

    HiddenTear Ransomware

    It's a ransomware-like file crypter sample which can be modified for specific purposes. Features Uses AES algorithm to encrypt files. Sends encryption key to a server. Encrypted files can be decrypted in decrypter program with encryption key. Creates a text file in Desktop with given message. Small file size (12 KB) Not detected by antivirus programs (15/08/2015) [Hidden Content] Demonstration Video [Hidden Content] Download: [HIDE][Hidden Content]]
  11. Multiple Bugs in Canon DSLR Camera Let Hackers Infect with Ransomware Over a Rogue WiFi Access Point * Researchers discovered multiple critical vulnerabilities in Picture Transfer Protocol (PTP) that allow attackers to infect the Canon DSLR camera with ransomware to encrypt the pictures and demand the ransom. * An attacker who is very close to the victim’s WiFi or has already hijacked computers with USB access could propagate them to infect the cameras with deadly malware and ransomware.
  12. dEEpEst

    NodeCrypt - Linux Ransomware

    What is nodeCrypto? Install server Install and run Screenshot What is nodeCrypto? nodeCrypt is a linux Ransomware written in NodeJs that encrypt predefined files. This project was created for educational purposes, you are the sole responsible for the use of nodeCrypto. Install server Upload all file of server/ folder on your webserver. Create a sql database and import sql/nodeCrypto.sql Edit server/libs/db.php and add your SQL ID. Install and run git clone [Hidden Content] cd nodeCrypto && npm install You must edit first variable in index.js Once your configuration is complete, you can start the ransomware. node index.js The files at the root of the web server will encrypt and send to the server. Screenshot To Do Client (victim) Encrypt webserver Use private key for encryption Adapt SSL Server Recover data (user + encrypted file) Format the database Make GUI for webserver Make an executable to decrypt the files (Only on request! Contact me) [Hidden Content]
  13. itsMe

    Ransomware Decryptors

    [Hidden Content]
  14. GonnaCry Ransomware GONNACRY – LINUX RANSOMWARE THAT ENCRYPTS ALL USER FILES GonnaCry Ransomware Original Repository of the GonnaCry Ransomware. This project is OpenSource, feel free to use, study and/or send pull requests. GonnaCry is a Linux ransomware that encrypts all user files with a strong encryption scheme. There are two versions of the Ransomware Code: C and Python. How this ransomware works: [Hidden Content] [Hidden Content] How this ransomware encryption scheme works: [Hidden Content] Mentions: [Hidden Content] [Hidden Content] [Hidden Content] Disclaimer This Ransomware mustn't be used to harm/threaten/hurt other persons' computers. Its purpose is only to share knowledge and awareness about Malware/Cryptography/Operating Systems/Programming. GonnaCry is an academic ransomware made for learning and awareness about security/cryptography. Be aware that running C/bin/GonnaCry or Python/GonnaCry/ Python/GonnaCry/bin/gonnacry on your computer may harm it. What's a Ransomware? A ransomware is a form of malware that prevents legitimate users from accessing their device or data and asks for a payment in exchange for the stolen functionality. They have been used for mass extortion in various forms, but the most successful seem to be encrypting ransomware: most of the user data are encrypted and the key can be retrieved with a payment to the attacker. To be widely successful a ransomware must fulfill three properties: Property 1: The hostile binary code must not contain any secret (e.g. deciphering keys). At least not in an easily retrievable form, indeed white box cryptography can be applied to ransomware. Property 2: Only the author of the attack should be able to decrypt the infected device. Property 3: Decrypting one device can not provide any useful information for other infected devices, in particular the key must not be shared among them. Objectives: encrypt all user files with AES-256-CBC. Random AES key and IV for each file. Works even without internet connection. 
Communication with the server to decrypt Client-private-key. encrypt AES key with client-public-key RSA-2048. encrypt client-private-key with RSA-2048 server-public-key. Change computer wallpaper -> Gnome, LXDE, KDE, XFCE. Decryptor that communicate to server to send keys. python webserver Daemon Dropper Download: [HIDE][Hidden Content]]
  15. TheFOX

    Philadelphia ransomware

    Philadelphia ransomware is a RaaS which let you create and manage your own ransomware Comes with usb spread lab spread and blah blah blah How to use 1.Download 2.Open 3.Create bridge and upload on any webhost or shelled website 4.enter bridge url bridge and create payload and change btc address and ammount Download [Hidden Content] Don't forget to give +rep ::Blackhat::
  16. dEEpEst

    Angie Ransomware

    Angie-Ransomware Professional ransomware for educational purposes Angie-Ransomware is x32 bit ransomware that is designed to target mainly x64 Windows but still supports x32 bit of course, She by design can bypass almost all sandboxes by using its own NTDLL stubs from Windows 7 to Windows 10 1809, if the version of windows is newer than Windows 10 1809 will load the addressed from NTDLL.DLL and use them. Another trick that she does is if she is under Wow64 after connecting to master and retrieves a encryption key, she will switch to long mode and operate on x64 user space, this switch is the killer for almost all sandboxes and debuggers and its the biggest defence. Its still under development. Tools Visual Studio 2017/2019 Intel System Studio 19.0 Windows SDK 10.0.17763.0 Sysinternals Suite Make from Mingw Nasm Cool people [Hidden Content] Some images Download: [HIDE][Hidden Content]]
  17. [Hidden Content]
  18. [Hidden Content]
  19. dEEpEst

    Simple Ransomware

    Simple Ransomware Description This is a simple ransomware build with C# Automatically create parent application, can replace address BTC you're copying (BTC Stealer) Combine using fake application [Hidden Content]
  20. [Hidden Content]
  21. Ransomware Forces Two Chemical Companies to Order ‘Hundreds of New Computers’ It appears that LockerGoga, the same ransomware that hit aluminum manufacturing giant Norsk Hydro this week, also infected American chemicals companies Hexion and Momentive, leaving employees locked out of their computers.
  22. Features of the bot: - Graber cards - Spam on user contacts - Calling the number - Forwarding incoming calls - Launching user applications - Automatic withdrawal of fake notifications, with taken bank icons - Interception, block-deleting incoming SMS, sending, including short numbers - Download all user application names - Graber contacts - Screen locker - Launch pages in the browser - Launch user applications - Search for Bank applications - Browser history graber - Socks5 module - Sending USSD - Geolocation - Spam by number base Admin panel: Detailed statistics on countries, app, url histories, selerians, etc. The ability to issue commands to a particular bot, group, as well as all newcomers. Search by imei, sorting by installed applications, online bots, seler, countries. Cleaning of old logs. Separate statistics for traffic. Jabber notification. There is a possibility to load their injections, with the admin panel. Search by SMS, logs. Searching for links by history. The statistics for the tasks that have been issued are fulfilled. Etc. Additional info: The size of the bot is 150 kb. Stable work on Android 4-7. For basic work, root rights are not required. Request admin rights. To change the phone password, you need the admin rights (requested when installing). Change the password to Android Nougat (Android 7) version in part. Sending and intercepting SMS on all versions, deleting up to 4.4, downloading all SMS from 4.4, block SMS over 4.4 via SMS manager / Screen Locker (when locked via SMS manager, SMS is not seen only by the Holder). Permanent withdrawal of bank (fake) notifications with bank icons, the text can be set with the admin panel when you click on the message the injection is started. In the presence of injections of euro countries, they are bundled with a bot. An additional functional is possible. Android Bot Loki We want to offer a bot of our own developments. 
A completely new bot engine, the wishes of the customers are part of the functions of are automated, advanced functionality. Bot features: - Card grabber - Phone contacts spam - Custom numbers spam - Call to number - Incoming call forwarding - Start user applications - Automatic invoke fake notifications with custom icons - Catch, block, delete incoming SMS. Sent new SMS - Get list of user applications - Contact grabber - Screen locker - Web application browser - Bank applications searching - Browser history grabber - Socks5 module - Geolocation Admin panel: Detalized statistics of countries, app, history, sellers etc ... Ability for send command to one, list , or only new bots. IMEI search. Sort by installed applications, online, sellers, countries. Cleanup old logs Dedicated statistics for sellers. Jabber notifications. Admin panel have an ability to upload your own injects. SMS, logs searching. History links searching. Task statistiks. Additional information: Bot size: 150kb Bot is working with Android 4-7 Root permissions is NOT required for common actions. There are request for getting root permissions Root permissions required for Image phone password changing Phone password changing for All Android Nougat (All Android 7) of Post Send and catch statement SMS works on all All Android versions, the delete works only for 4.4, download and block SMS works All Android 4.4 and newest Permanent display bank notifications with custom text from admin panel. Bot have injects for euro countries. 
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ Loki admin panel install instructions: apt-get update && apt-get upgrade -y apt-get install apache2 libapache2-mod-php5 mysql-server php5 php5-mysql -y apt-get install default-jre default-jdk -y Debian 7: apt-get install ia32-libs lib32z1 lib32ncurses5 -y Debian 8: dpkg --add-architecture i386 apt-get update apt-get install libstdc++6:i386 libgcc1:i386 zlib1g:i386 libncurses5:i386 lib32z1 lib32ncurses5 Next: wget [Hidden Content] wget -O apktool.jar [Hidden Content] chmod +x ~/apktool.jar chmod +x ~/apktool mv ~/apktool.jar /usr/local/bin/ mv ~/apktool /usr/local/bin/ Next: unpack loki.tar to new dir. something like that: tar xf loki.tar -C /var/www/ change files owner: chown -R www-data:www-data /var/www/ Run: mysql create database loki; grant all privileges on loki.* to [email protected] identified 'DB_PASSWORD'; grant all privileges on loki.* to [email protected] identified by 'DB_PASSWORD'; quit import bd file loki4dev.sql: mysql loki < /var/www/site/loki4dev.sql mysql -u root -pbolonka1 loki </var/www/site/loki4dev.sql Edit: /var/www/site/db.php and enter mysql database access: db: loki db user: loki db password: DB_PASSWORD DONE!!!! address admin panel [Hidden Content] or [Hidden Content] login with name bot4fun and password J1HPbmr ...................................................................... Download: [HIDE][Hidden Content]] Password:
  23. This decryptor is intended to decrypt the files for those victims affected by the ransomware PyLocky. This decryptor is built to be executed on Windows systems only and it does require a PCAP of the outbound connection attempt to the C&C servers. This connection is seen seconds after the infection occurs and it will contain, among other info, the Initialization Vector (IV) and a password (both generated randomly at runtime) used to encrypt the files. Without this PCAP containing these values, the decryption won't be possible. The structure of the outbound connection contains a string like: PCNAME=NAME&IV =KXyiJnifKQQ%3D%0A&GC=VGA+3D&PASSWORD=CVxAfel9ojCYJ9So&CPU=Intel%28R%29+Xeon%28R%29+CPU+E5-1660+v4+%40+3.20GHz&LANG=en_US&INSERT=1&UID=XXXXXXXXXXXXXXXX&RAM=4&OSV=10.0.16299+16299&MAC=00%3A00%3A00%3A00%3A45%3A6B&OS=Microsoft+Windows+10+Pro [HIDE][Hidden Content]]
  24. dEEpEst

    GLEAM Ransomware Attack

    Version 2.0.0


    GLEAM Ransomware Attack v2 Ransonware Private Rescue of 300 dollars Options: Encrypted key BTC DisableTaskMgr Start with windows Start Run windows shell CryptoPay payment geteway Kidnapper languages: Buy the hijacker for $ 200