Categories: EducationFAQ

What Is the PHP Ransomware Project?

More often than not, people wonder where all of these new ransomware threats keep coming from. One answer is a PHP open-source project called “Ransomware” which can be accessed through GitHub. It is a popular project and one that has been active since early 2016. Researchers believe this GitHub project was developed by an Indonesian hacker who is also a member of two large hacking crews. It seems the open-source code presented in this repository has been identified in a few other ransomware types discovered over the past twelve months.

PHP Ransomware Project is Still Going Strong

You may not have heard of the PHP Ransomware Project. The project has been around for over a year, but no one would expect code on GitHub to spawn as many different malware creations as it has. Its code has now been discovered in a number of variations of malware released since early 2016.

Not all of those ransomware strains were developed by the same person who created the PHP project in the first place. Instead, individuals accessed this code freely through Github and used it to build their own projects accordingly. It is pretty common to see ransomware developers take code from existing projects, but less common for a particular GitHub repository to be designed specifically for that purpose.

Researchers successfully identified a few critical ransomware types using this repo’s source code. JapanLocker was the first, which made a bit of an impact last July. Lalabitch, released in July of this year, was another malware variant which made use of this particular repo’s source code. Last but not least, EV Ransomware is the latest strain of its kind to make use of the code. We may very well see new types based on the PHP Ransomware repository in the future. For now, though, most of the activity has subsided.

Related Post

Since the source code for all three ransomware projects was made publicly available, it is impossible to tell who is behind these individual developments. It is certainly possible the alleged creator of this GitHub repo is the person responsible for at least one version of the ransomware, but there is no hard evidence to back that up. One thing is for sure: none of the three aforementioned ransomware types has a decryption mechanism, which is concerning to security experts.

Ransomware is designed in such a way that it forces victims to pay a ransom — often in Bitcoin — in order to have their encrypted files decrypted. Without a decryption mechanism in place, that becomes impossible, regardless of whether or not victims pay the demanded sum.  Unfortunately, this has slowly become a new trend in ransomware, as we have seen a few versions which do not include any decryption capability whatsoever. This does not mean their code does not have encryption capabilities, but rather the code is so buggy that it becomes nearly impossible to get files decrypted easily.

All of this goes to show that web-based ransomware is an emerging trend. Making source code of existing ransomware projects freely accessible will create a lot of new problems for computer users. Especially in the web-based ransomware department, that could prove quite problematic. Malicious software capable of attacking websites, for example, is currently quite unusual, but is expected to become a more popular trend over the next few years. We can only hope for better decryption mechanisms when that time comes.

JP Buntinx

JP Buntinx is a FinTech and Bitcoin enthusiast living in Belgium. His passion for finance and technology made him one of the world's leading freelance Bitcoin writers, and he aims to achieve the same level of respect in the FinTech sector.

Share
Published by
JP Buntinx

Recent Posts

Cheems Surge On BSC Network: A Rising Star With Growing Market Value

The Cheems token on the Binance Smart Chain (BSC) is gaining significant momentum, surging by…

7 hours ago

Lester Token Crashes 40% Following Official Announcement

The value of $LESTER plummeted by 40% in the past 24 hours, leaving its market…

7 hours ago

From $30K To Millions: The Wild Journey Of $Quant And Xiaohaige’s Memecoin Stunts

In a bizarre turn of events, a young live-streamer known as Xiaohaige created the memecoin…

7 hours ago

Whale “convexcuck.eth” Makes Bold $CVX Move, Nets Significant Profit Amid Price Surge

The crypto whale known as "convexcuck.eth" has made waves in the DeFi world, spending $2…

7 hours ago

$ELIZA Token Launch Marred By Insider Trading Allegations

The launch of $ELIZA, a token introduced by Andreessen Horowitz (a16z) partner @shawmakesmagic, has sparked…

7 hours ago

Cardano’s Rally Highlights Diverging Moves Among Investors

Cardano ($ADA) has been making waves in the crypto market, breaking away from the altcoin…

7 hours ago