
What Is the PHP Ransomware Project?

More often than not, people wonder where all of these new ransomware threats keep coming from. One answer is a PHP open-source project called “Ransomware” which can be accessed through GitHub. It is a popular project and one that has been active since early 2016. Researchers believe this GitHub project was developed by an Indonesian hacker who is also a member of two large hacking crews. It seems the open-source code presented in this repository has been identified in a few other ransomware types discovered over the past twelve months.

PHP Ransomware Project is Still Going Strong

You may not have heard of the PHP Ransomware Project. The project has been around for over a year, but no one would expect code on GitHub to spawn as many different malware creations as it has. Its code has now been discovered in a number of variations of malware released since early 2016.

Not all of those ransomware strains were developed by the same person who created the PHP project in the first place. Instead, individuals accessed this code freely through GitHub and used it to build their own projects. It is pretty common to see ransomware developers take code from existing projects, but less common for a particular GitHub repository to be designed specifically for that purpose.

Researchers successfully identified a few critical ransomware types using this repo’s source code. JapanLocker was the first, which made a bit of an impact last July. Lalabitch, released in July of this year, was another malware variant which made use of this particular repo’s source code. Last but not least, EV Ransomware is the latest strain of its kind to make use of the code. We may very well see new types based on the PHP Ransomware repository in the future. For now, though, most of the activity has subsided.

Since the source code for all three ransomware projects was made publicly available, it is impossible to tell who is behind these individual developments. It is certainly possible the alleged creator of this GitHub repo is the person responsible for at least one version of the ransomware, but there is no hard evidence to back that up. One thing is for sure: none of the three aforementioned ransomware types has a decryption mechanism, which is concerning to security experts.

Ransomware is designed in such a way that it forces victims to pay a ransom — often in Bitcoin — in order to have their encrypted files decrypted. Without a decryption mechanism in place, that becomes impossible, regardless of whether or not victims pay the demanded sum. Unfortunately, this has slowly become a new trend in ransomware, as we have seen a few versions which do not include any decryption capability whatsoever. This does not mean their code does not have encryption capabilities, but rather the code is so buggy that it becomes nearly impossible to get files decrypted easily.

All of this goes to show that web-based ransomware is an emerging trend. Making source code of existing ransomware projects freely accessible will create a lot of new problems for computer users. Especially in the web-based ransomware department, that could prove quite problematic. Malicious software capable of attacking websites, for example, is currently quite unusual, but is expected to become a more popular trend over the next few years. We can only hope for better decryption mechanisms when that time comes.

JP Buntinx

JP Buntinx is a FinTech and Bitcoin enthusiast living in Belgium. His passion for finance and technology made him one of the world's leading freelance Bitcoin writers, and he aims to achieve the same level of respect in the FinTech sector.
