A user of the underground hacking forum XSS posted a link to the full source code of the Paradise ransomware.
The link is available only to active forum users and allows any potential cybercriminal to develop their own version of the ransomware. This was reported by Bleeping Computer.
Cybersecurity researcher Tom Malka at Security Joes compiled the package and found that it creates three executables: a builder, an encryptor, and a decryptor. There are comments in Russian scattered throughout the source code.
A cybercriminal with the Paradise source code can use the builder to customize their own version of the malware, embedding a custom C&C server, encrypted file extension, and contact email in it.
Once a custom ransomware build has been created, groups can distribute it to potential victims in their malicious campaigns.
Paradise activity was first recorded in September 2017. Operators spread the ransomware using phishing emails containing malicious IQY attachments. Over time, several versions of the ransomware were released, with the first versions containing vulnerabilities that allowed the creation of the Paradise decryptor. However, in newer versions, the encryption method was changed to RSA, which prevented free decryption of files.