Trending
ee-track">
Link copied!

Petya and Paradise Ransomware Source Codes Leaked

The darkweb and cybercrime community is full of twists and interesting developments. A few days ago, a reputed operator in a cybercrime market with the alias 'Krypt0n' leaked the source code of the infamous ransomware…

July 3, 2021 · 2 min read
Petya and Paradise Ransomware Source Codes Leaked

The darkweb and cybercrime community is full of twists and interesting developments. A few days ago, a reputed operator in a cybercrime market with the alias ‘Krypt0n’ leaked the source code of the infamous ransomware Petya.

The author of the original Petya ransomware is a group known by the name of Janus Cybercrime solutions and has operated since 2016.

Back in 2017, the original author also leaked the master description key – after a year of their operations.

image 5
Post by the alias ‘Krypt0n’ – Source code of Petya

Here is the directory structure of their source code and its components:

image 7
Petya Ransomware Source Code
image 10

Several ransomware builders have been leaked recently, such as Paradise, leaked by the same actor ‘Krypt0n’.

image 8
Paradise Ransomware Source Code #1
image 9
Paradise Ransomware Source Code Leak

What to expect next? Other threat actors can create new variants or customized ransomware builders to help them build their own ransomware operations with these source codes.

Organizations should implement the following best practices to strengthen the security posture of their organization’s systems.   

  • Check for instances of standard executables executing with the hash of another process. 
  • Implement multi-factor authentication (MFA), especially for privileged accounts. 
  • Use separate administrative accounts on different administration workstations.   
  • Employ Local Administrator Password Solution (LAPS).   
  • Allow the least privilege to employees on data access.   
  • Use MFA to secure Remote Desktop Protocol (RDP) and ”jump boxes” for access.   
  • Secure your endpoints by deploying and maintaining endpoint defense tools.   
  • Always keep all software up-to-date.   
  • Keep antivirus signatures and engines up-to-date.   
  • Avoid adding users to the local administrators’ group unless required.   
  • Implement a strong password policy and enforce regular password changes.   
  • Configure a personal firewall on organization workstations to deny unwanted connection requests. 
  • Deactivate unnecessary services on organization workstations and servers. 

AI Threat Intelligence

Stop Executive Threats
Before They Strike

Monitor dark web chatter, detect lookalike domains, and protect your C-suite from targeted impersonation — in real time, across 50+ countries.

Scroll to Top

Book your session

Request a Personalized Demo

See how Cyble's threat intelligence protects your organization. A specialist will reach out within one business day.

Select one or more options

Cyble protects your personal data to manage your account and deliver requested content. Submit your details to receive updates. Withdraw consent anytime. See our privacy policy for details.

Your information is encrypted and never shared.
SOC 2 Type II GDPR compliant Trusted by 1,000+ teams

Download the brochure

Get the Cyble Vision Brochure

Explore how Cyble Vision delivers AI-powered threat intelligence across your attack surface. Fill in your details to access the brochure.

Select one or more options

Cyble protects your personal data to manage your account and deliver requested content. Submit your details to receive updates. Withdraw consent anytime. See our privacy policy for details.

Your information is encrypted and never shared.
SOC 2 Type II GDPR compliant Trusted by 1,000+ teams