The source code for the Paradise ransomware has been released on the Russian-speaking hacker forum XSS. The source code was first spotted by Tom Malka, the senior threat intelligence analyst at cybersecurity firm Security Joes, who shared the finding with BleepingComputer.
Malka compiled the source code and discovered that it creates three executables, the ransomware configuration builder, the encryptor, and a decryptor.
The analysis of the source code revealed it contained Russian comments, giving an inkling of the origin of a developer behind the ransomware.
The Paradise ransomware operation first launched in 2017 and was active until 2020 when the gang’s activities significantly dropped. Over the years, multiple Paradise versions were released, including a .NET version that implemented RSA encryption.
According to the security researcher Michael Gillespie, the leaked source code is for the secure version of Paradise ransomware that uses RSA encryption to encrypt files. Cybercriminals could develop their own ransomware based on this source code and use it to conduct ransomware attacks.