16 June 2021

Paradise ransomware source code leaked on XSS hacker forum


Paradise ransomware source code leaked on XSS hacker forum

The source code for the Paradise ransomware has been released on the Russian-speaking hacker forum XSS. The source code was first spotted by Tom Malka, the senior threat intelligence analyst at cybersecurity firm Security Joes, who shared the finding with BleepingComputer.

Malka compiled the source code and discovered that it creates three executables, the ransomware configuration builder, the encryptor, and a decryptor.

The analysis of the source code revealed it contained Russian comments, giving an inkling of the origin of a developer behind the ransomware.

The Paradise ransomware operation first launched in 2017 and was active until 2020 when the gang’s activities significantly dropped. Over the years, multiple Paradise versions were released, including a .NET version that implemented RSA encryption.

According to the security researcher Michael Gillespie, the leaked source code is for the secure version of Paradise ransomware that uses RSA encryption to encrypt files. Cybercriminals could develop their own ransomware based on this source code and use it to conduct ransomware attacks.

Back to the list

Latest Posts

Iranian hackers masqueraded as aerobics instructor to breach US defence company

Iranian hackers masqueraded as aerobics instructor to breach US defence company

The threat actor used alluring social media persona to infect the machine of an employee of the US aerospace defense contractor with the LEMPO malware.
29 July 2021
US, UK and Australia reveal most targeted vulnerabilities in the last two years

US, UK and Australia reveal most targeted vulnerabilities in the last two years

CVE-2019-19781 was the most exploited flaw in 2020.
29 July 2021
Chinese cyberspies target Microsoft Exchange servers with new PlugX variant

Chinese cyberspies target Microsoft Exchange servers with new PlugX variant

The latest version of PlugX has a variety of plug-ins that allow hackers to monitor, update and interact with the compromised system.
29 July 2021