The source code for the Paradise Ransomware has been released on the hacking forum XSS allowing threat actors to develop their own customized ransomware operation. The news of the availability of the source code was first reported by Tom Malka, a senior threat intelligence analyst for security firm Security, that reported it to BleepingComputer and The Record.
Malka compiled the source code and discovered that it creates three executables, the ransomware configuration builder, the encryptor, and a decryptor.
The analysis of the source code revealed the presence of comments in the Russian language that gives us an idea of the origin of the ransomware gang behind it.
Paradise Ransomware has been active since September 2017, its operators offer the malware with a Ransomware-as-a-Service (RaaS) model.
In October 2019, security experts at Emsisoft have developed a tool to decrypt files encrypted by the Paradise ransomware. The ransomware family encrypts files using Salsa20 and RSA-1024 and it appends several extensions to their filenames. The Paradise gang was very active until 2020, then its operations drastically dropped.
The availability of the source code online could allow other ransomware gangs to modify it and conduct their own campaigns.
(SecurityAffairs – hacking, ransomware)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.