RansomLord: Open-source anti-ransomware exploit tool
RansomLord is an open-source tool that automates the creation of PE files used to exploit ransomware before it begins encrypting files.
“I created RansomLord to demonstrate ransomware is not invincible, has vulnerabilities and its developers make mistakes and can write bad code just like everyone else,” hyp3rlinx, developer of RansomLord, told Help Net Security.
He also outlined the tool’s key features:
- Leverages DLL hijacking tactics often used by cybercriminals.
- Deploys exploits in order to defend the network. This is a novel strategy for defeating ransomware. First public disclosure: Lockbit MVID-2022-0572.
- Malware vulnerability intelligence: the -m flag maps threats to vulnerable DLLs, so you can target specific threats that you believe may target your organization or industry.
- Targets ransomware tools to reveal flaws, which can cause adversaries to refactor code to patch vulnerabilities.
- Saves time and effort, and helps fill knowledge gaps required when building anti-ransomware exploit PE files.
- Exposes twelve DLL files for output to defend against 49 ransomware families. cryptsp.dll alone defeats fifteen different ransomware families: Yanluowang, Conti, LokiLocker, BlueSky, Haron, Thanos, AvosLocker, Meow, BabukLocker, Cerber, Clop, Play, LockerGoga, Jaff, RuRansom.
- Takes advantage of the high rate of malware suffering from this attack vector. Trojans and info-stealers may also be defeated, e.g. Emotet MVID-2024-0684.
RansomLord is available for free on GitHub.
source: HelpNetSecurity