Paradise ransomware source code leaked on XSS hacker forum

Paradise ransomware source code leaked on XSS hacker forum

The source code for the Paradise ransomware has been released on the Russian-speaking hacker forum XSS. The source code was first spotted by Tom Malka, the senior threat intelligence analyst at cybersecurity firm Security Joes, who shared the finding with BleepingComputer.

Malka compiled the source code and discovered that it creates three executables, the ransomware configuration builder, the encryptor, and a decryptor.

The analysis of the source code revealed it contained Russian comments, giving an inkling of the origin of a developer behind the ransomware.

The Paradise ransomware operation first launched in 2017 and was active until 2020 when the gang’s activities significantly dropped. Over the years, multiple Paradise versions were released, including a .NET version that implemented RSA encryption.

According to the security researcher Michael Gillespie, the leaked source code is for the secure version of Paradise ransomware that uses RSA encryption to encrypt files. Cybercriminals could develop their own ransomware based on this source code and use it to conduct ransomware attacks.

Back to the list

Latest Posts

Cyber Security Week in Review: July 4, 2025

Cyber Security Week in Review: July 4, 2025

In brief: Google patches Chrome 0Day, the US is on the hunt for North Korean IT workers, and more.
4 July 2025
AI chatbots fall for phishing scams

AI chatbots fall for phishing scams

The models provided the correct URL only 66% of the time; nearly 30% of responses pointed users to dead or suspended domains.
3 July 2025
Chinese hackers exploited Ivanti flaws in attacks against French government

Chinese hackers exploited Ivanti flaws in attacks against French government

ANSSI believes that the Houken campaign is operated by ‘UNC5174’, an entity believed to act as an initial access broker for China’s Ministry of State Security.
2 July 2025