The dark web and cybercrime community is full of twists and interesting developments. A few days ago, a well-known operator on a cybercrime market using the alias ‘Krypt0n’ leaked the source code of the infamous Petya ransomware.
The author of the original Petya ransomware is a group known as Janus Cybercrime Solutions, which has operated since 2016.
Back in 2017, roughly a year into their operations, the original authors also released the master decryption key.
Here is the directory structure of their source code and its components:
Several ransomware builders have been leaked recently, including Paradise, which was leaked by the same actor, ‘Krypt0n’.
What to expect next? With these source codes in hand, other threat actors can create new variants or customized ransomware builders to stand up their own ransomware operations.
Organizations should implement the following best practices to strengthen the security posture of their systems.
- Check for processes masquerading as standard executables: a process whose name matches a system binary but whose image path, file hash, or embedded original file name does not match the known-good binary.
- Implement multi-factor authentication (MFA), especially for privileged accounts.
- Use separate administrative accounts on different administration workstations.
- Employ Local Administrator Password Solution (LAPS).
- Grant employees the least privilege needed for their data access.
- Secure Remote Desktop Protocol (RDP) access with MFA and route it through "jump boxes".
- Secure your endpoints by deploying and maintaining endpoint defense tools.
- Always keep all software up-to-date.
- Keep antivirus signatures and engines up-to-date.
- Avoid adding users to the local administrators’ group unless required.
- Implement a strong password policy (minimum length, screening against known-breached passwords) and force a change whenever a credential is suspected to be compromised; current guidance (NIST SP 800-63B) no longer recommends rotation on a fixed schedule.
- Configure a host-based firewall on organization workstations to deny unwanted inbound connections.
- Disable unnecessary services on organization workstations and servers.
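The first item in the list, spotting processes that masquerade as standard Windows executables, is the one that can be turned directly into detection logic. The script below is an added example, not code from the original post or from any tool it mentions. It runs three checks over Sysmon-style process-creation events (Event ID 1 fields Image, Hashes and OriginalFileName): a system binary name executing from an unexpected directory, a system binary whose SHA-256 is not the known-good image, and a file whose embedded OriginalFileName says it is a system binary but was renamed on disk. The allowed directories, the "known-good" hashes (derived from fixed strings) and the sample events are all constructed for the example; a real deployment would load the hashes of its patched binaries from a trusted inventory and feed in actual Sysmon events.

```python
"""Flag processes masquerading as standard Windows executables.

Added example: runs over constructed Sysmon-style process-creation events
(Event ID 1 fields Image, Hashes, OriginalFileName), not over logs from any real host.
"""
import hashlib
from pathlib import PureWindowsPath

# Where each standard binary is allowed to execute from (lower-cased for comparison).
# Constructed allow-list for the example; extend it from a trusted inventory in practice.
SYSTEM_BINARIES = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "lsass.exe": {r"c:\windows\system32"},
    "cmd.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "explorer.exe": {r"c:\windows"},
}

# Known-good SHA-256 values. These are constructed placeholders derived from fixed
# strings so the example is self-contained; real values come from the patched binaries.
KNOWN_GOOD_SHA256 = {
    name: hashlib.sha256(f"constructed good image for {name}".encode()).hexdigest()
    for name in SYSTEM_BINARIES
}


def parse_hashes(field):
    """Turn Sysmon's 'SHA256=...,MD5=...' string into a dict keyed by algorithm."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            algo, value = part.split("=", 1)
            out[algo.strip().upper()] = value.strip().lower()
    return out


def analyze(events):
    """Return (event_index, rule, detail) tuples for every suspicious process."""
    findings = []
    for idx, ev in enumerate(events):
        image = PureWindowsPath(ev.get("Image", ""))
        name = image.name.lower()
        directory = str(image.parent).lower()
        hashes = parse_hashes(ev.get("Hashes", ""))
        original = ev.get("OriginalFileName", "").lower()

        # Rule 1: a standard binary name executing from somewhere it should not live.
        if name in SYSTEM_BINARIES and directory not in SYSTEM_BINARIES[name]:
            findings.append((idx, "unexpected_path", f"{name} ran from {directory}"))

        # Rule 2: right name, but the image hash is not the known-good one.
        if name in KNOWN_GOOD_SHA256 and "SHA256" in hashes \
                and hashes["SHA256"] != KNOWN_GOOD_SHA256[name]:
            findings.append((idx, "hash_mismatch",
                             f"{name} hash {hashes['SHA256'][:12]}... is not the known-good image"))

        # Rule 3: the PE's embedded OriginalFileName is a system binary but the file was renamed.
        if original in SYSTEM_BINARIES and original != name:
            findings.append((idx, "renamed_binary", f"{image.name} is really {original}"))
    return findings


# Constructed sample events: one clean svchost, a dropper posing as svchost from a
# user-writable folder, a tampered lsass image in the right place, and a renamed cmd.exe.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\svchost.exe", "OriginalFileName": "svchost.exe",
     "Hashes": "SHA256=" + KNOWN_GOOD_SHA256["svchost.exe"]},
    {"Image": r"C:\Users\Public\svchost.exe", "OriginalFileName": "svchost.exe",
     "Hashes": "SHA256=" + hashlib.sha256(b"constructed dropper").hexdigest()},
    {"Image": r"C:\Windows\System32\lsass.exe", "OriginalFileName": "lsass.exe",
     "Hashes": "SHA256=" + hashlib.sha256(b"constructed tampered lsass").hexdigest()},
    {"Image": r"C:\Temp\report.exe", "OriginalFileName": "cmd.exe",
     "Hashes": "SHA256=" + KNOWN_GOOD_SHA256["cmd.exe"]},
]

if __name__ == "__main__":
    for idx, rule, detail in analyze(SAMPLE_EVENTS):
        print(f"event {idx}: {rule}: {detail}")
```

Rule 2 deliberately fires on a hash mismatch regardless of directory, so a dropper named svchost.exe in a user-writable folder produces two findings; that redundancy is useful when an attacker only gets one of the two wrong. OriginalFileName is populated from the PE version resource, so a renamed copy of a signed system binary still identifies itself, which is what rule 3 relies on.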