RansomLord is a proof-of-concept anti-ransomware exploitation tool. It generates PE files that are used to exploit vulnerable ransomware before it encrypts files.
Lang: C
SHA256 : 810229C7E62D5EDDD3DA9FFA19D04A31D71F9C36D05B6A614FEF496E88656FF5
This version now intercepts and terminates tested malware from 49 different threat groups.
Adding: StopCrypt, RisePro, RuRansom, MoneyMessage, CryptoFortress and Onyx
Feature update:
Windows event IOC log now includes the SHA256 hash plus full path of the intercepted malware
*** DOWNLOAD the "RansomLord_v3.exe" EXE file and NOT the "Source code(zip)" .ZIP archive, as that contains older versions.
Lamer security engines may incorrectly flag RansomLord DLLs as malicious.
They are NOT! They export Win32 API function stubs, provide functionality to generate Windows IOC event logs, and eventually call exit().
[+] Generated exploit DLL MD5 file hashes:
[+] x32: b0c8596114b4fd9025305a29977f2d24
[+] x64: 32794fb43a75422b39222fa12783ea13
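One way to check a downloaded EXE, or a DLL that a security engine has flagged, against the hashes published above before trusting or allow-listing it. This is an added example, not part of RansomLord; the function names are illustrative and the file paths are whatever you pass on the command line.

```python
import hashlib
import sys

# Hashes copied from this release note (lower-cased for comparison).
PUBLISHED = {
    ("sha256", "810229c7e62d5eddd3da9ffa19d04a31d71f9c36d05b6a614fef496e88656ff5"):
        "RansomLord_v3.exe",
    ("md5", "b0c8596114b4fd9025305a29977f2d24"): "generated exploit DLL, x32",
    ("md5", "32794fb43a75422b39222fa12783ea13"): "generated exploit DLL, x64",
}


def digests(path, chunk=1 << 20):
    """Compute SHA256 and MD5 in one streaming pass over the file."""
    hashers = {
        "sha256": hashlib.sha256(),
        # MD5 only matches the published values; it is not a security control.
        "md5": hashlib.new("md5", usedforsecurity=False),
    }
    with open(path, "rb") as f:
        while block := f.read(chunk):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def identify(path):
    """Return the label of the published artifact that path matches, else None."""
    for algo, value in digests(path).items():
        label = PUBLISHED.get((algo, value))
        if label:
            return label
    return None


def main(paths):
    """Print one verdict per file; return 1 if any is unreadable or unmatched."""
    status = 0
    for path in paths:
        try:
            label = identify(path)
        except OSError as exc:
            status = 1
            print(f"{path}: cannot read ({exc.strerror})")
            continue
        if label is None:
            status = 1
        print(f"{path}: {label or 'NO MATCH with any published hash'}")
    return status


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Only MD5 values are published for the DLLs, so a match there identifies the file but is weaker evidence than the SHA256 match on the EXE.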