Ransomware

14 April 2023 9 minutes Author: Cyber Witcher

What is Ransomware?

Ransomware is a type of malware designed to encrypt files on a device, rendering any files and systems that rely on them unusable. In this guide, we will talk about sharing and encrypting or erasing information. How to do it with Ransomware/Wiper in the operating systems of the aggressor country. How to encrypt or infect a work computer in Russia. How to do it with alternative methods for users. Why exactly you can help us. How it will help stop the war. Where to merge information from the Russian Federation. The article contains links to ready-made examples of malicious software. The encryption program blocks access to the operating system or prevents the reading of data recorded on it. Most often by selectively encrypting information on the device and demanding a ransom for decryption. For example, ransomware is very well known throughout the world. For example, such as Kronos, Babuk, Conti, DoppelPaymer, Pay2Key, RegretLocker, Ragnar Locker, CovidLock, Ryuk, Reveton, Maoloa.

An encryptor is not always ransomware. The program can be used to encrypt a system permanently, with no recovery keys at all. Even if the ransom for an encrypted system has been paid, the extortionist is under no obligation to send the recovery keys. Decrypting the system without a key is almost impossible. Specialized tools from Avast, ESET and similar vendors can sometimes be used for decryption, but they succeed only in some cases. If the ransomware is new, antivirus software may miss it. Wiper malware completely destroys or erases all data on a network or target computer. Data recovery is almost impossible.

A little history…

The first variants of ransomware worked by installing Trojan.WinlockLockScreen on the target PC. They registered themselves in the registry and in autostart. When the OS loaded, the user saw a grim window on the screen with information about their allegedly illegal activities. The user was given a deadline until “complete data destruction” and a payment form so that their data would not be sent to law enforcement. The user was often scared and, depending on which payment method the attacker prescribed, sent paid SMS messages, transferred cryptocurrency or bought back their data in some other way. Of course, all this was an attempt at intimidation with nothing real behind it. Occasionally there were tentative attempts to build an encryptor into the trojan, but they mostly didn’t work. There was also always a possibility that the author of the trojan would be unable to decrypt the encrypted data because of a sloppy implementation, or would simply not send the decryption key.

Currently, ransomware is a very serious threat and always includes data encryption using a symmetric and an asymmetric key. It is very dangerous for computer systems and can work on almost any OS. It is used mostly in the corporate sector to encrypt the databases of companies and enterprises and then blackmail them for ransom.

Why are we asking you to help?

Hello sysadmin, IT student, schoolboy, student or person who just sympathizes. A war started by Putin continues in Ukraine. I think it is already obvious to everyone that the army of the Russian Federation, vilely, without declaring war, attacked the largest country in Europe – Ukraine, with the aim of occupation and further destruction of Ukraine as a state.

It is not about any “liberation”, “denazification” or “demilitarization”. The Russian regular army destroys the civilian population, women, children and any Ukrainians, for which all other Russians – accomplices sooner or later will have to pay reparations and contributions. I understand that you want to believe that this is not the case, but the regular army of the Russian Federation is engaged in looting, rape, robbery, murder and genocide of the civilian population of Ukraine and sooner or later will bring the same to the Russian Federation. Even if you did not take part in this war, are “out of politics” or think that it does not concern you, according to the Russian constitution, the source of power in Russia is the people. This means that the consequences will fall on the neck of the Russian people, just as reparations after the war fell on the neck of the German people, regardless of whether they supported the aggressor or not, in the same way, whether you supported Putin or not, you and your children will have to pay for his decision. We urge you to help stop Putin and reduce the number of deaths on both sides, because life is more than anything, but we also directly say that it will save you money in the future.

How will this help the war?

This will help stop the war…

Due to cyberattacks, the Russian Aviation Service switched to paper document circulation, which is evident from the telegram of the head of the department Oleksandr Neradko, a copy of which is in RBC’s possession. The document was also published by the “Aviatorshchyna” Telegram channel. This is a concrete example of the fact that as a result of an encryption attack, a huge industry significantly slowed down its development, made it difficult to exist, and greatly slowed down the conduct of war. By disabling electronic systems and databases, supply chains and logistics can be disrupted and have a significant economic impact.

I am from Ukraine, the Republic of Belarus, Georgia … how can I help?

We publish this information as part of the Botnet material (h2), and in general we regularly run information campaigns on the HackYourMom Telegram, YouTube and TikTok channels. In the “support by repost” section there is also a ready-made text that you can spread across groups, channels and your social networks.

We give out tasks to destroy the economy of the Russian Federation, stop the war, information actions, spreading the truth, calls to block and boycott businesses that have not left the Russian Federation and much more, join the channel or on Patreon, choose a task and start fighting and partisanship with the couch army .

If you also came up with a cool information campaign or know how to improve it, want to add something and are capable of systematic and CONSTRUCTIVE actions, you can write to us in the bot https://t.me/HackYourMom_reg_bot

And then what should Russia do?

After the end of the war, sanctions will be lifted, files and computers can be restored, and business will return to the Russian Federation when the Russian Federation ceases to be an aggressor country, but now the most important thing is to stop senseless deaths on both sides. After all, every soldier who dies in the war in Ukraine is not just someone’s son; he is a person who could have become an IT worker, an artist, an engineer, an economist, a manager, and in general a happy citizen who would develop the economy and not bring grief and death, no one knows in the name of what or of whom.

How can a Russian help Ukraine?

1) Pour information into the bot

Drain information, databases, accesses, logins, passwords, repositories, official information, and everything that can be used against the Russian Federation.

How and where to drain? We open the bot: https://t.me/stop_russian_war_bot, we are registering (it will simply ask for your phone number, you can send from the left telegrams https://onlinesim.ru – for registering a left one-time telegram for 5 minutes)

Bot > /start > Authorization > Click “Create a new message” > Cyber Front > Send info, access, whatever, as a TXT file. > We add a verbal description of what was sent!

2) Encrypt the system in the Russian Federation and say that it was a virus

By encrypting a server or a simple workstation or even a computer at school using any Viper(a) (virus destroyer) or RansomWare (virus encryptor – extortionist) you will help stop the idiots who started the war, because it will cost a lot to recover the data time and resources or they will be permanently lost! Instructions and ready-made software immediately below:

How to encrypt/infect a work computer in Russia?​

  1. Turn off antivirus software.

  2. Download the archive hackyourmom_v2_ransom.zip.(password from the archive 123) If the browser blocks (for example, chrome), go to download and click “save” and “continue anyway”

  3. We unpack the archive and run one of the 13 files, you can several at once (preferably at the end of the working day, and leave the computer turned on at night).

  4. We observe how in the background the files change their format and are actually encrypted.

  5. PROFIT! The encryptor does not affect system files and executable programs, only work files, documents and databases.

  6. In the morning with a surprised face we come and say that someone has encrypted and hacked the system! You can blame Anonymous.

Ditto for advanced users:

  1. Look on GitHub or anywhere for RansomWare/Wiper type viruses with asymmetric encryption or the ability to delete the key in the process. Or RansomWare Builder, if you want to be paid for the “decryption” of files, will allow you to sew your wallet.

  2. We disable the antivirus and all means of protection of the computer/database/server.

  3. Launch Ransomware/Wiper.

  4. We also delete or encrypt all backups, backups and spare servers so that they cannot be quickly restored.

  5. Just in case, we clean the system logs (windows log, bash log, history and above CCleaner).

  6. The next day or after discovering that everything is encrypted: we come to work and turn on the perch mode with the question “who did it?” evil hackers got to us too! Blame everything on Anonymous, this is a trend in Rosaviatsia.
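Seen from the defending side, both lists above leave the same ordered trail on a host: endpoint protection switched off, a burst of work files gaining one new extension, then cleared event logs. The triage logic below is an added example, not part of the original article; event IDs 5001, 1102, 104 and 4624 are the standard Windows ones, while the host names, paths, timestamps, the `.locked` extension and the burst threshold are constructed assumptions.

```python
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Real Windows event IDs; hosts, paths and timestamps below are constructed.
AV_DISABLED = 5001          # Microsoft Defender: real-time protection disabled
LOG_CLEARED = {1102, 104}   # Security audit log cleared / another event log cleared
WORK_EXT = {".docx", ".xlsx", ".pdf", ".sql", ".mdb"}
WINDOW = timedelta(minutes=5)
BURST = 4                   # assumed threshold, kept low for the small sample

def ext(path):
    return PureWindowsPath(path).suffix.lower()

def rename_burst(renames):
    """First (start, new_ext) where >= BURST work files gain one common new extension within WINDOW."""
    hits = sorted((t, ext(new)) for t, old, new in renames
                  if ext(old) in WORK_EXT and ext(new) != ext(old))
    for i, (start, new_ext) in enumerate(hits):
        same = [t for t, e in hits[i:] if e == new_ext and t - start <= WINDOW]
        if len(same) >= BURST:
            return start, new_ext
    return None

def triage(events, renames):
    """events: [(time, event_id)], renames: [(time, old_path, new_path)], both for one host."""
    burst = rename_burst(renames)
    if burst is None:
        return "none", []
    start, new_ext = burst
    signals = [f"rename burst to {new_ext}"]
    if any(eid == AV_DISABLED and t <= start for t, eid in events):
        signals.append("protection disabled before burst")
    if any(eid in LOG_CLEARED and t >= start for t, eid in events):
        signals.append("event log cleared after burst")
    return ("high" if len(signals) == 3 else "medium"), signals

def at(hhmm):
    return datetime.fromisoformat(f"2023-04-14T{hhmm}:00")

# Constructed sample: WS-07 shows the full sequence, WS-12 is an ordinary export.
WS07_EVENTS = [(at("18:02"), AV_DISABLED), (at("18:40"), 1102), (at("18:41"), 104)]
WS07_RENAMES = [(at("18:05"), "D:\\share\\" + n, "D:\\share\\" + n + ".locked")
                for n in ("plan.docx", "budget.xlsx", "hr.pdf", "crm.sql", "old.mdb")]
WS12_EVENTS = [(at("09:15"), 4624)]  # 4624 = successful logon
WS12_RENAMES = [(at("09:20"), "C:\\docs\\report.docx", "C:\\docs\\report.pdf")]

if __name__ == "__main__":
    print("WS-07", triage(WS07_EVENTS, WS07_RENAMES))
    print("WS-12", triage(WS12_EVENTS, WS12_RENAMES))
```

Because the ordering of the three signals is what separates an insider-run encryptor from routine file conversion, forwarding these events off the host as they occur keeps the trail intact even when local logs are later cleared.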
