Info Data Leak

Ransomware Builder Advertised on Underground Forum

DailyDarkWeb

Threat Actor: Unknown | Unknown
Victim: Not specified | Not specified
Price: Not provided
Exfiltrated Data Type: Not specified

Key Points :

  • A threat actor is advertising a ransomware builder named Nevermore Ransomware Builder on a dark web forum.
  • The ransomware builder allows customization of instructions, wallpapers, and icons.
  • The builder offers two encryption modes, one encrypting only filenames and the other encrypting everything.

The content:
Ransomware Builder Advertised on Underground Forum

A threat actor shares a ransomware builder named Nevermore Ransomware Builder on a dark web forum. According to the post, attackers can customize the builder and upload their own instructions, desired wallpapers, and custom icons.

The threat actor also indicates that the ransomware builder gives two encryption modes. One of them only encrypts the filenames while the other one encrypts everything. For further customization, attackers can also choose how to receive the ransom. They can pick the desired wallet and the crypto coin.

Another feature of the ransomware builder is “File Stealer” which allows attackers to download victims’ files before encrypting them. According to the post, every payload is unique and the ransomware is advertised as fully undetectable by Windows Defender.

Price or contact information is not provided.

The post A Ransomware Builder Advertised on a Dark Web Forum appeared first on Daily Dark Web.

A threat actor shares a ransomware builder named Nevermore Ransomware Builder on a dark web forum. According to the post, attackers can customize the builder and upload their own instructions, desired wallpapers and custom icons.

The threat actor also indicates that the ransomware builder gives two encryption modes. One of them only encrypts the filenames while the other one encrypts everything. For further customization attackers can also choose how to receive the ransom. They can pick the desired wallet and the crypto coin.

Another feature of the ransomware builder is “File Stealer” which allows attackers to download victims’ files before encrypting them. According to the post, every payload is unique and the ransomware is advertised as fully undetectable by Windows Defender.

Price or contact information is not provided.

The post A Ransomware Builder Advertised on a Dark Web Forum appeared first on Daily Dark Web.

Tags: WINDOWS, DARK WEB, CRYPTO, PAYLOAD