Welcome to Paradise Ransomware source code
The complete source code for Paradise Ransomware has been released on the hacking forum, allowing any cybercriminal to develop their own customized ransomware operation.
Released on the hacking forum XSS, the link to the source code is only available to active users on the site who have previously posted or responded to other posts on the site.
Security Joss researcher Tom Malka, who shared the source code with ithelpsupport, compiled the package and found that it produces three executables – a ransomware configuration builder, an encryptor and a decryptor.
Sprinkled throughout the source code are Russian comments, shown above, that clearly demonstrate the native language of the developer.
A Paradise ransomware associate can use the builder to customize their version of the ransomware to include a custom command and control server, encrypted file extensions, and contact email addresses.
Once the subscriber changes, the service may promote cancellation.
welcome to the Paradise
The Paradise Revengeance Rentware Deal Briefing was broadcast via communication in 2017 and was broadcast and publicized according to IQY.
However, newer versions changed the encryption method to RSA, preventing free decryption of files.
Michael Gillespie, who created the original Paradise ransomware decryptor, told BleepingComputer that the versions of Paradise that were released included:
Heaven – Original version that had flaws allowing decryption.
Paradise .NET – A secure .NET version that switched the encryption algorithm to use RSA encryption.
Paradise B29 – A “team” variant that only encrypts the end of a file.
Gillespie said it was unclear whether they were all developed by the same group because they were all rolling around at the same time with thousands of different extensions, as threat actors grew ransomware-as-a-service. used to come for
Based on submission data from ID Ransomware, Paradise Ransomware was heavily distributed between September 2017 and January 2020, when it suddenly dropped to a point where it is rarely seen.
Unfortunately, Gillespie tells ithlepsupport that the source code is for a secure version of Paradise Ransomware that uses RSA encryption to encrypt files.
By using this source code, other threat actors can easily modify it to release their own customized version of the ransomware, allowing an easy entry point to create a new ransomware operation.