Summary: RansomLord is an open-source tool that automates the creation of PE files to exploit ransomware pre-encryption, aiming to demonstrate vulnerabilities in ransomware and help build anti-ransomware defenses.
Threat Actor: hyp3rlinx
Victim: N/A
Key Points:
- RansomLord leverages DLL hijacking tactics used by cybercriminals and deploys exploits to defend networks, providing a novel strategy against ransomware.
- The tool offers malware vulnerability intelligence, allowing users to target specific threats and reveal flaws in ransomware tools, potentially leading to code refactoring by adversaries.
- RansomLord saves time and effort by helping fill knowledge gaps in building anti-ransomware defenses.
RansomLord is an open-source tool that automates the creation of PE files, which are used to exploit ransomware pre-encryption.
“I created RansomLord to demonstrate ransomware is not invincible, has vulnerabilities and its developers make mistakes and can write bad code just like everyone else,” hyp3rlinx, developer of RansomLord, told Help Net Security.
He also outlined the tool’s key features:
- Leverages DLL hijacking tactics often used by cybercriminals.
- Deploys exploits in order to defend the network. This is a novel strategy for defeating ransomware. First public disclosure: Lockbit MVID-2022-0572.
- Malware vulnerability intelligence: the -m flag maps threats to vulnerable DLLs, so you can target the specific threats that you believe may target your organization or industry.
- Targets ransomware tools to reveal flaws, which can cause adversaries to refactor code to patch vulnerabilities.
- Saves time and effort, helps fill knowledge gaps required when building anti-ransomware exploit PE files.
- Exposes twelve DLL files for output to defend against 49 ransomware families. cryptsp.dll alone defeats fifteen different ransomware families: Yanluowang, Conti, LokiLocker, BlueSky, Haron, Thanos, AvosLocker, Meow, BabukLocker, Cerber, Clop, Play, LockerGoga, Jaff, RuRansom.
- Takes advantage of the high rate at which malware suffers from this attack vector. Trojans and info-stealers may also be defeated, e.g. Emotet MVID-2024-0684.
RansomLord is available for free on GitHub.
Source: https://www.helpnetsecurity.com/2024/05/29/ransomlord-open-source-anti-ransomware-exploit-tool