RansomLord: Open-source anti-ransomware exploit tool
RansomLord is an open-source tool that automates the creation of PE files that exploit vulnerabilities in ransomware before it begins encrypting.
“I created RansomLord to demonstrate ransomware is not invincible, has vulnerabilities and its developers make mistakes and can write bad code just like everyone else,” hyp3rlinx, developer of RansomLord, told Help Net Security.
He also outlined the tool’s key features:
- Leverages DLL hijacking tactics often used by cybercriminals.
- Deploys exploits in order to defend the network. This is a novel strategy for defeating ransomware. First public disclosure: Lockbit MVID-2022-0572.
- Malware vulnerability intelligence: the -m flag maps threats to vulnerable DLLs, so you can target specific threats that you believe may target your organization or industry.
- Targets ransomware tools to reveal flaws, which can cause adversaries to refactor code to patch vulnerabilities.
- Saves time and effort, and helps fill gaps in the knowledge required when building anti-ransomware exploit PE files.
- Exposes twelve DLL files for output to defend against 49 ransomware families. cryptsp.dll alone defeats fifteen different ransomware: Yanluowang, Conti, LokiLocker, BlueSky, Haron, Thanos, AvosLocker, Meow, BabukLocker, Cerber, Clop, Play, LockerGoga, Jaff, RuRansom.
- Takes advantage of the high rate of malware suffering from this attack vector. Trojans and info-stealers may also be defeated, e.g. Emotet MVID-2024-0684.
RansomLord is available for free on GitHub.