Exetools

Exetools (https://forum.exetools.com/index.php)
-   Source Code (https://forum.exetools.com/forumdisplay.php?f=46)
-   -   Paradise ransomware source code by vx-underground (https://forum.exetools.com/showthread.php?t=19872)

Giotis 06-16-2021 14:21

Paradise ransomware source code by vx-underground
 
News about the recent leak
Code:

https://therecord.media/source-code-for-paradise-ransomware-leaked-on-hacking-forums/
Download
Quote:

https://github.com/vxunderground/MalwareSourceCode/tree/main/Leaks/Win32

Kurapica 06-16-2021 19:48

C# and some fancy Loop with RSA :D

best way to make money in 2021

CodeCracker 06-23-2021 17:55

How was the "Emsisoft Decrypt for Paradise" made?
I thought that decrypt of files protected by ransomware is impossible!

Shub-Nigurrath 06-23-2021 18:42

There are different ways to write a decrypter, mainly coding crypto stuff errors. However, as reported in the news, Paradise was "certified" to be undecryptable (https://twitter.com/demonslay335/status/1202936203290525701). Consider that Emsisoft decrypter is from 2019, and these sources of Paradise, if I see well, are from 2020

Kurapica 06-23-2021 22:10

@CodeCracker : weakly coded ransomwares sometimes left traces of encryption keys either in RAM or somewhere else which sometimes can help create a decryptor if those traces could be dumped and used.

CodeCracker 06-24-2021 02:22

From my analyzes of the ransom globeimposter, this ramsoware uses RSA-2048 and AES-128, as far as I know there is no plain text attack of AES-128, and AES key is just some random bytes initialized at execution time; and the key will differ on each run.
So still don't know how the decryption is possible.

Kurapica 06-24-2021 03:21

Maybe it was possible for the older versions.


All times are GMT +8. The time now is 07:29.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2021, vBulletin Solutions, Inc.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX