The complete source code of Paradise ransomware has been posted on a hacking forum known as XSS. Any interested individual or cybercriminal can now develop their own customized ransomware. However, the link to the complete source code is only available to users who have already been active on the site for some time.

What has happened?

A security researcher who compiled the source code package found that the code created three executables: a ransomware configuration builder, a decryptor, and an encryptor.
  • Paradise ransomware affiliates can use this code to develop their own version of the ransomware, with a custom C2 server, encrypted file extension, and contact email address.
  • Once the customized ransomware is developed, affiliates can spread it in their campaigns to target victims.
  • Additionally, the source code belongs to a secure version of Paradise that uses RSA encryption and for which no decryptor tool is available.

Three variants of ransomware

Another researcher, who created the main Paradise Ransomware decryptor, said that the versions of Paradise that were released are as follows:
  • Paradise, a native version with flaws allowing decryption.
  • Paradise .NET, a secure .NET version using RSA encryption.
  • Paradise B29 variant that only encrypts the end of a file.

It is not known whether these variants were developed by the same group, as all were circulating at the same time with thousands of different extensions, and threat actors commonly use the ransomware-as-a-service model.

Conclusion

The leaked source code of a fully functional ransomware could be devastating, as any interested attacker can launch their own ransomware operation. Thus, it is important to follow basic security hygiene, such as keeping backups of important files, to stay protected from ransomware threats.

Cyware Publisher
