Search the Community

Showing results for tags 'ransomware'.

More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • General doubts | News
    • General doubts
    • News
  • Hacking | Remote Administration | Bugs & Exploits
    • Hacking
    • Remote Administration
    • Bugs & Exploits
  • Programming | Web | SEO | Prefabricated applications
    • General Programming
    • Web Programming
    • Prefabricated Applications
    • SEO
  • Cracking Zone
    • Cracking Accounts
    • Reverse Engineering
  • Security & Anonymity
    • Security
    • Wireless Security
    • Web Security
    • Anonymity
  • Operating Systems | Hardware | Programs
    • Operating systems
    • Hardware
    • PC programs
    • iOS
    • Android
    • Windows Phone
  • Graphic Design
    • Graphic Design
  • vBCms Comments
  • live stream tv
    • live stream tv
  • Marketplace
    • Sell
    • Services
    • Request
  • Premium Accounts
    • Accounts
  • Modders Section
    • Source Codes
    • Manuals | Videos
    • Tools
    • Others
  • PRIV8-Section
    • Exploits
    • Accounts|Dumps
    • Crypter|Binder|Bots
    • Tutorials|Videos
    • Cracked Tools
    • Make Money
    • More Tools
    • Databeses
    • Ebooks
  • Cracking Zone PRIV8
    • Cracking Accounts
    • Reverse Engineering
    • Cracker Preview Area
  • Carding Zone PRIV8
    • Carding
    • Phishing
    • Defacing
    • Doxing
    • Special User Premium Preview Area


There are no results to display.

There are no results to display.

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start








Found 25 results

  1. dEEpEst

    pycryptor Ransomware

    pycryptor A short, sweet, PoC Python Ransomware (+A file vault for protecting the users files) using Advanced Encryption Standards. The program uses the AES-GCM-256 for its work. [Hide][Hidden Content]]
  2. dEEpEst

    Mock Ransomware

    "# mock-ransomware" Release\ransomware.exe Go to test folder, notice the permission changes, change them back to see the encrypted text Delete copied malware inside of \\Users\\<name>\\ransomwaredirectory open up regedit to also delete persistent keys reg DELETE HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v ransomware_pwn /f The operation completed successfully. reg QUERY HKCU\Software\Microsoft\Windows\CurrentVersion\Run to verify To view the driver installed C:\> sc query MyCustomBeep SERVICE_NAME: MyCustomBeep TYPE : 1 KERNEL_DRIVER STATE : 1 STOPPED WIN32_EXIT_CODE : 1077 (0x435) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : [Hide][Hidden Content]]
  3. "De acuerdo a las cifras ofrecidas por KasperskyLab, el aumento de nuevas amenazas de ransomware se ha intensificado casi al doble." 7,620 - 2018 - Amenazas de Ransomware 16,017 - 2019 Amenazas de Ransomware Al igual, que los números de usuarios infectados (victimas) del ransomware. 158.921 usuarios afectados 2018 230.000 usuarios afectados 2019 13 tips para evitar la infeccion Realizar periódicamente Backups de tu información. Se recomienda tener copias de nuestra informacion en medios como la nube, otro en físico, como memorias USB y discos duros portátiles. Mantener el Sistema Operativo actualizado hasta la ultima versión. Contar con software antivirus que tenga funciones anti-ransomware Aumentar la seguridad de tus dispositivos moviles como SmartPhones y Tablet. En 2017 Google elimino mas de 700,000 aplicaciones maliciosas de la PlayStore. De ser posible implementar extensiones anti-malware a los navegadores. Mantener actualizado los antivirus. Establecer filtros de seguridad en los e-mail, corporativos o no. No descargar archivos de ningún tipo de fuentes poco confiables o no oficiales. Contar con un repertorio de herramientas anti-ransomware. Esto debido a que existen herramientas especificas para un tipo de ransomware. Prepara un plan de respuesta y de ser necesario capacita a tus empleados o usuarios de la red, como a tu familia. Ejecuta análisis periódicos en busca de amenazas en tus equipos No pagar el rescate. En muchos casos, usuarios han pagado el rescate y no recuperaron ni su información ni sus equipos. Usar el sentido común y no dar clic en todo lo que veamos. Fuente
  4. dEEpEst

    HiddenTear Ransomware

    _ _ _ _ _ | | (_) | | | | | | | |__ _ __| | __| | ___ _ __ | |_ ___ __ _ _ __ | '_ \| |/ _` |/ _` |/ _ \ '_ \ | __/ _ \/ _` | '__| | | | | | (_| | (_| | __/ | | | | || __/ (_| | | |_| |_|_|\__,_|\__,_|\___|_| |_| \__\___|\__,_|_| It's a ransomware-like file crypter sample which can be modified for specific purposes. Features Uses AES algorithm to encrypt files. Sends encryption key to a server. Encrypted files can be decrypt in decrypter program with encryption key. Creates a text file in Desktop with given message. Small file size (12 KB) Doesn't detected to antivirus programs (15/08/2015) [Hidden Content] Demonstration Video [Hidden Content] Download: [HIDE][Hidden Content]]
  5. Multiple Bugs in Canon DSLR Camera Let Hackers Infect with Ransomware Over a Rouge WiFi Access Point * Researchers discovered multiple critical vulnerabilities in Picture Transfer Protocol (PTP) that allows attackers to infect the Canon DSLR camera with ransomware to encrypt the pictures and demand the ransom. * An attacker who is very close with the victim’s WiFi or already hijacked computers with the USB access could propagate them to infect the cameras with deadly malware and ransomware.
  6. dEEpEst

    NodeCrypt - Linux Ransomware

    What is nodeCrypto? Install server Install and run Screenshot What is nodeCrypto? nodeCrypt is a linux Ransomware written in NodeJs that encrypt predefined files. This project was created for educational purposes, you are the sole responsible for the use of nodeCrypto. Install server Upload all file of server/ folder on your webserver. Create a sql database and import sql/nodeCrypto.sql Edit server/libs/db.php and add your SQL ID. Install and run git clone [Hidden Content] cd nodeCrypto && npm install You must edit first variable in index.js Once your configuration is complete, you can start the ransomware. node index.js The files at the root of the web server will encrypt and send to the server. Screenshot To Do Client (victim) Encrypt webserver Use private key for encryption Adapt SSL Server Recover data (user + encrypted file) Format the database Make GUI for webserver Make an executable to decrypt the files (Only on request! Contact me) [Hidden Content]
  7. itsMe

    Ransomware Decryptors

    [Hidden Content]
  8. GonnaCry Ransomware GONNACRY – LINUX RANSOMWARE THAT ENCRYPTS ALL USER FILES GonnaCry Rasomware Original Repository of the GonnaCry Ransomware. This project is OpenSource, feel free to use, study and/or send pull request. GonnaCry is a linux ransomware that encrypt all user files with strong encryption scheme. There is two versions of the Ransomware Code: C and Python. How this ransomware works: [Hidden Content] [Hidden Content] How this ransomware encryption scheme works: [Hidden Content] Mentions: [Hidden Content] [Hidden Content] [Hidden Content] Disclaimer This Ransomware musn't be used to harm/threat/hurt other person's computer. It's purpose is only to share knowledge and awareness about Malware/Cryptography/Operating Systems/Programming. GonnaCry is a academic ransomware made for learning and awareness about secutiry/cryptography. Be aware running C/bin/GonnaCry or Python/GonnaCry/ Python/GonnaCry/bin/gonnacry in your computer, it may harm. What's a Ransomware? A ransomware is a form of malware that prevent legitimate users from accessing their device or data and asks for a payment in exchange for the stolen functionality. They have been used for mass extortion in various forms, but the most successful seem to be encrypting ransomware: most of the user data are encrypted and the key can be retrieved with a payment to the attacker. To be widely successful a ransomware must fulfill three properties: Property 1: The hostile binary code must not contain any secret (e.g. deciphering keys). At least not in an easily retrievable form, indeed white box cryptography can be applied to ransomware. Property 2: Only the author of the attack should be able to decrypt the infected device. Property 3: Decrypting one device can not provide any useful information for other infected devices, in particular the key must not be shared among them. Objectives: encrypt all user files with AES-256-CBC. Random AES key and IV for each file. Works even without internet connection. Communication with the server to decrypt Client-private-key. encrypt AES key with client-public-key RSA-2048. encrypt client-private-key with RSA-2048 server-public-key. Change computer wallpaper -> Gnome, LXDE, KDE, XFCE. Decryptor that communicate to server to send keys. python webserver Daemon Dropper Download: [HIDE][Hidden Content]]
  9. dEEpEst

    Angie Ransomware

    Angie-Ransomware Professional ransomware for educational purposes Angie-Ransomware is x32 bit ransomware that is designed to target mainly x64 Windows but still supports x32 bit of course, She by design can bypass almost all sandboxes by using its own NTDLL stubs from Windows 7 to Windows 10 1809, if the version of windows is newer than Windows 10 1809 will load the addressed from NTDLL.DLL and use them. Another trick that she does is if she is under Wow64 after connecting to master and retrieves a encryption key, she will switch to long mode and operate on x64 user space, this switch is the killer for almost all sandboxes and debuggers and its the biggest defence. Its still under development. Tools Visual Studio 2017/2019 Intel System Studio 19.0 Windows SDK 10.0.17763.0 Sysinternals Suite Make from Mingw Nasm Cool people [Hidden Content] Some images Download: [HIDE][Hidden Content]]
  10. Level23HackTool

    Android Ransomware

    [Hidden Content]
  11. [Hidden Content]
  12. dEEpEst

    Simple Ransomware

    Simple Ransomware Description This is a simple ransomware build with C# Automatically create parent application, can replace address BTC you're copying (BTC Stealer) Combine using fake application [Hidden Content]
  13. [Hidden Content]
  14. Ransomware Forces Two Chemical Companies to Order ‘Hundreds of New Computers’ It appears that LockerGoga, the same ransomware that hit aluminum manufacturing giant Norsk Hydro this week, also infected American chemicals companies Hexion and Momentive, leaving employees locked out of their computers.
  15. Features of the bot: - Graber cards - Spam on user contacts - Calling the number - Forwarding incoming calls - Launching user applications - Automatic withdrawal of fake notifications, with taken bank icons - Interception, block-deleting incoming SMS, sending, including short numbers - Download all user application names - Graber contacts - Screen locker - Launch pages in the browser - Launch user applications - Search for Bank applications - Browser history graber - Socks5 module - Sending USSD - Geolocation - Spam by number base Admin panel: Detailed statistics on countries, app, url histories, selerians, etc. The ability to issue commands to a particular bot, group, as well as all newcomers. Search by imei, sorting by installed applications, online bots, seler, countries. Cleaning of old logs. Separate statistics for traffic. Jabber notification. There is a possibility to load their injections, with the admin panel. Search by SMS, logs. Searching for links by history. The statistics for the tasks that have been issued are fulfilled. Etc. Additional info: The size of the bot is 150 kb. Stable work on Android 4-7. For basic work, root rights are not required. Request admin rights. To change the phone password, you need the admin rights (requested when installing). Change the password to Android Nougat (Android 7) version in part. Sending and intercepting SMS on all versions, deleting up to 4.4, downloading all SMS from 4.4, block SMS over 4.4 via SMS manager / Screen Locker (when locked via SMS manager, SMS is not seen only by the Holder). Permanent withdrawal of bank (fake) notifications with bank icons, the text can be set with the admin panel when you click on the message the injection is started. In the presence of injections of euro countries, they are bundled with a bot. An additional functional is possible. Android Bot Loki We want to offer a bot of our own developments. A completely new bot engine, the wishes of the customers are part of the functions of are automated, advanced functionality. Bot features: - Card grabber - Phone contacts spam - Custom numbers spam - Call to number - Incoming call forwarding - Start user applications - Automatic invoke fake notifications with custom icons - Catch, block, delete incoming SMS. Sent new SMS - Get list of user applications - Contact grabber - Screen locker - Web application browser - Bank applications searching - Browser history grabber - Socks5 module - Geolocation Admin panel: Detalized statistics of countries, app, history, sellers etc ... Ability for send command to one, list , or only new bots. IMEI search. Sort by installed applications, online, sellers, countries. Cleanup old logs Dedicated statistics for sellers. Jabber notifications. Admin panel have an ability to upload your own injects. SMS, logs searching. History links searching. Task statistiks. Additional information: Bot size: 150kb Bot is working with Android 4-7 Root permissions is NOT required for common actions. There are request for getting root permissions Root permissions required for Image phone password changing Phone password changing for All Android Nougat (All Android 7) of Post Send and catch statement SMS works on all All Android versions, the delete works only for 4.4, download and block SMS works All Android 4.4 and newest Permanent display bank notifications with custom text from admin panel. Bot have injects for euro countries. \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ Loki admin panel install instructions: apt-get update && apt-get upgrade -y apt-get install apache2 libapache2-mod-php5 mysql-server php5 php5-mysql -y apt-get install default-jre default-jdk -y Debian 7: apt-get install ia32-libs lib32z1 lib32ncurses5 -y Debian 8: dpkg --add-architecture i386 apt-get update apt-get install libstdc++6:i386 libgcc1:i386 zlib1g:i386 libncurses5:i386 lib32z1 lib32ncurses5 Next: wget [Hidden Content] wget -O apktool.jar [Hidden Content] chmod +x ~/apktool.jar chmod +x ~/apktool mv ~/apktool.jar /usr/local/bin/ mv ~/apktool /usr/local/bin/ Next: unpack loki.tar to new dir. something like that: tar xf loki.tar -C /var/www/ change files owner: chown -R www-data:www-data /var/www/ Run: mysql create database loki; grant all privileges on loki.* to [email protected] identified 'DB_PASSWORD'; grant all privileges on loki.* to [email protected] identified by 'DB_PASSWORD'; quit import bd file loki4dev.sql: mysql loki < /var/www/site/loki4dev.sql mysql -u root -pbolonka1 loki </var/www/site/loki4dev.sql Edit: /var/www/site/db.php and enter mysql database access: db: loki db user: loki db password: DB_PASSWORD DONE!!!! address admin panel [Hidden Content] or [Hidden Content] login with name bot4fun and password J1HPbmr ...................................................................... Download: [HIDE][Hidden Content]] Password:
  16. TheFOX

    Philadelphia ransomware

    Philadelphia ransomware is a RaaS which let you create and manage your own ransomware Comes with usb spread lab spread and blah blah blah How to use 1.Download 2.Open 3.Create bridge and upload on any webhost or shelled website 4.enter bridge url bridge and create payload and change btc address and ammount Download [Hidden Content] Don't forget to give +rep ::Blackhat::
  17. This decryptor is intended to decrypt the files for those victims affected by the ransomware PyLocky This decryptor is built to be executed on Windows systems only and it does require a PCAP of the outbound connection attempt to the C&C servers. This connection is seen seconds after the infection occurs and it will contain, among other info, the Initialization Vector (IV) and a password (both generated randomly at runtime) used to encrypt the files. Without this PCAP containing these values, the decryption won't be possible. The structure of the outbound connection contains an string like: PCNAME=NAME&IV =KXyiJnifKQQ%3D%0A&GC=VGA+3D&PASSWORD=CVxAfel9ojCYJ9So&CPU=Intel%28R%29+Xeon%28R%29+CPU+E5-1660+v4+%40+3.20GHz&LANG=en_US&INSERT=1&UID=XXXXXXXXXXXXXXXX&RAM=4&OSV=10.0.16299+16299&MAC=00%3A00%3A00%3A00%3A45%3A6B&OS=Microsoft+Windows+10+Pro [HIDE][Hidden Content]]
  18. dEEpEst

    ransomware GLEAM Ransomware Attack

    Version 2.0.0


    GLEAM Ransomware Attack v2 Ransonware Private Rescue of 300 dollars Options: Encrypted key BTC DisableTaskMgr Start with windows Start Run windows shell CryptoPay payment geteway Kidnapper languages: Buy the hijacker for $ 200


  19. Download: [HIDE][Hidden Content]] Password:
  20. Download: [HIDE][Hidden Content]] Password:
  21. Download: [HIDE][Hidden Content]] Passwoord:
  22. dEEpEst

    ransomware YourRansom

    YourRansom YourRansom is an encryption tool written in Golang. It has built-in encryption parameters, random key generation, and online download of readme files. The design is based on the design idea of [Landomware]. Or in other words, this is a self-made learning [ransomware] imitation. In the next is just a new, the program is also very naive, please feel a little more painful love. Compile yourself Because YourRansom builds the encrypted configuration into the compiled binaries, if you want to use your own YourRansom, you need to adjust the parameters and compile your own YourRansom . Preparation environment YourRansom is written in Golang, and you need to prepare the corresponding Golang environment before compiling, or compile it in an online environment such as cloud9 (usually you need to install the Golang environment yourself). You can then get the source file of YourRansom from GitHub via go get: go get Configuration parameter YourRansom stores the configuration in a binary file, but it doesn't store the original data directly (it used to be, then I feel so too young, too simple and sometimes naive, so I changed to the current mode), but stored the JSON format configuration file using DES The string obtained after encryption and base64. I specifically provided a configuration generator and template file for this: YourRansom/confGen, just fill in the data in the form, and then execute confGen to get the configuration information. [HIDE][Hidden Content]]
  23. dEEpEst

    SITCON Ransomware

    [Hidden Content]
  24. yoyohoneysinger

    Ransomware Petya

  25. dEEpEst

    ransomware Ladon Ransomware

    Download: [HIDE][Hidden Content]] Password: