Paradise Ransomware source code released

The Paradise Ransomware source code was released on a hacking forum and may be used by any aspiring hacker to create their own customized ransomware operation.


The source code was disclosed on the hacker forum XSS, where it is accessible only to active members who have previously replied to or reacted to other posts on the site.


When Tom Malka of Security Joes built the source code package, he found three executables: a ransomware configuration builder, an encryptor, and a decryptor.








Russian comments can be found throughout the source code, indicating the developer’s native tongue.


The developer allows a Paradise ransomware affiliate to create their own version of the ransomware, complete with a personalized command and control server, encrypted file extension, and contact email address.


After building it, affiliates can distribute the customized ransomware in their own campaigns to target victims.


The Paradise Malware operation began in September 2017 with the use of phishing emails with malicious IQY files that downloaded and installed the ransomware.


Multiple versions of the ransomware have been released since then, with early versions featuring weaknesses that prompted the development of a Paradise Ransomware decryptor.


In the later versions, the encryption mechanism was changed to RSA, which precluded free file decryption.


It’s unclear if the various versions of Paradise that were released were all created by the same organisation because they all circulated at approximately the same time with thousands of different extensions.


The Paradise Ransomware was widely circulated between September 2017 and January 2020, before dramatically decreasing to the point where it is now rarely observed.


The source code that was released is for the secure version of Paradise Ransomware, which encrypts files with RSA encryption.


Aspiring threat actors can readily adapt this source code to release their own modified form of the ransomware, making it a simple entry point into starting a new ransomware operation.


