github malvuln/RansomLord v3

6 months ago

RansomLord is a proof-of-concept anti-ransomware exploitation tool that generates PE files used to exploit vulnerable ransomware pre-encryption.

Lang: C
SHA256: 810229C7E62D5EDDD3DA9FFA19D04A31D71F9C36D05B6A614FEF496E88656FF5

This version now intercepts and terminates malware tested from 49 different threat groups.
Adding: StopCrypt, RisePro, RuRansom, MoneyMessage, CryptoFortress and Onyx

Feature update:
The Windows event IOC log now includes the SHA256 hash plus the full path of the intercepted malware.

*** DOWNLOAD the "RansomLord_v3.exe" EXE file and NOT the "Source code (zip)" .ZIP archive, as that contains older versions.

Lamer Security engines may incorrectly flag RansomLord DLLs as malicious.
They are NOT! They export Win32 API function stubs, provide functionality
to generate Windows IOC event logs and eventually call exit().

[+] Generated exploit DLL MD5 file hashes:
[+] x32: b0c8596114b4fd9025305a29977f2d24
[+] x64: 32794fb43a75422b39222fa12783ea13

References:
https://web.archive.org/web/20220601204439/https://www.bleepingcomputer.com/news/security/conti-revil-lockbit-ransomware-bugs-exploited-to-block-encryption/
https://web.archive.org/web/20220504180432/https://www.securityweek.com/vulnerabilities-allow-hijacking-most-ransomware-prevent-file-encryption/
