RansomLord v3 - Anti-Ransomware Exploitation Tool / New Release

2024.05.09

Credit: malvuln

Risk: Medium

Local: Yes

Remote: No

CVE: N/A

CWE: N/A

Proof-of-concept tool that automates the creation of PE files, used to exploit ransomware pre-encryption.
Updated v3: https://github.com/malvuln/RansomLord/releases/tag/v3
Lang: C
810229C7E62D5EDDD3DA9FFA19D04A31D71F9C36D05B6A614FEF496E88656FF5
Video PoC (old v2):
https://www.youtube.com/watch?v=_Ho0bpeJWqI
RansomLord generated PE files are saved to disk in the x32 or x64 directories where the program is run from. Goal is to exploit vulnerabilities inherent in certain strains of ransomware by deploying exploits that defend the network! The DLLs may also provide additional coverage against generic and info stealer malwares.
RansomLord v3 release notes:
Adding six more Ransomware to the victim list for a grand total of 49
StopCrypt, RisePro, RuRansom, MoneyMessage, CryptoFortress and Onyx.
Windows event log now includes SHA256 hash of the intercepted malware.
https://github.com/malvuln/RansomLord
MALVULN

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

RansomLord v3 - Anti-Ransomware Exploitation Tool / New Release

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.