Hacktivist group AzzaSec has announced the release of a Windows ransomware builder. The builder was posted via the Telegram channel on June 23, 2024. Designed in .NET, this malicious software features sophisticated functionality including SHA 512 and AES encryption, ensuring its undetectable (FUD) status with minimal risk of detection, as verified by its single hit on KleenScan. AzzaSec claims their ransomware can bypass major antivirus solutions such as Windows 10 / 11 Defender, Avast, Kaspersky, and AVG.
In addition to its encryption prowess, the builder includes anti-virtual machine, anti-debugging, and anti-sandbox capabilities, as demonstrated in a revealing demo video shared alongside the announcement. This video showcases how decryption keys and victim information are stored securely on a centralized Command and Control (C2) server.
AzzaSec Announces New Windows Ransomware Builder
Pricing for AzzaSec’s ransomware varies, from $300 for a single-use stub to a subscription model costing up to $4500 for six months. The source code for this Windows ransomware builder is also available for purchase at a steep $8000.
The development of AzzaSec’s ransomware marks a new advancement in cyber threats, highlighting the evolution of ransomware-as-a-service (RaaS). This model not only empowers threat actors with turnkey tools but also commodifies cyber extortion, potentially increasing the frequency and impact of ransomware attacks globally.
The group’s announcement highlights a growing trend where malicious actors leverage sophisticated technologies and monetization strategies to maximize their impact on unsuspecting victims. As cybersecurity defenses evolve, so do the tactics of those seeking illicit gains through digital means.
Features and Functionality of the Windows Ransomware Builder
In their Telegram post, AzzaSec described their ransomware’s capabilities in detail. Developed with VB.NET and weighing 10MB, the ransomware utilizes a unique algorithm for encryption. It operates with a fully undetectable structure, boasting a detection rate of only 1 out of 40 on KleenScan. Tested against various security solutions including Windows Defender, Avast, Kaspersky, and AVG, AzzaSec ensures its malware’s effectiveness in compromising systems.
The ransomware functions by connecting to a C2 server, where decryption keys and device information are stored. This approach allows the threat actors to monitor and control the ransomware’s impact remotely. Furthermore, the ransomware includes anti-virtual machine, anti-debugging, and anti-sandbox features, making it resilient against common security countermeasures.
AzzaSec also outlined its pricing strategy: $300 for a single-use stub, escalating to $4500 for a six-month subscription. For those seeking full control, the source code is available for $8000, enabling other threat actors to customize and deploy the ransomware independently.
AzzaSec’s emergence into the ransomware scene signals a reminder for organizations and individuals alike to upgrade their cybersecurity measures and remain vigilant against online threats. As ransomware-as-a-service models become more accessible, preemptive cybersecurity measures and incident response plans are essential defenses against these ever-present dangers.
