A new ransomware builder named Nevermore Ransomware Builder has been posted for sale on a dark web forum marketplace.
With this malicious tool, attackers can effortlessly personalize their ransomware viruses to each of their own liking. It also boasts a variety of features that render it a substantial threat.
TheShadowHacker, the threat actor responsible for this malicious software, advertises that the Nevermore Ransomware Builder enables perpetrators to customize their ransomware.
They have the ability to upload their own instructions, select custom wallpapers, and even chose distinctive icons for the ransomware.
The ease with which attackers can customize their assaults to target specific targets is promoted by this level of customization.
The Nevermore Ransomware Builder's dual encryption modes are one of its most significant features.
Attackers are permitted to encrypt either the filenames or the entire content of the file. This versatility enables them to determine the extent of the harm they wish to inflict.
As an additional feature, attackers have the option to specify the method by which they desire to receive the ransom, including their preferred cryptocurrency and wallet.
Another attribute of this ransomware constructor is the “File Stealer” option. Before encrypting the files of their victims, this enables attackers to acquire them first.
In other words, victims' data may still be compromised even if they are able to retrieve their files.
Each payload produced by the Nevermore Ransomware Builder is allegedly distinct and completely undetectable by Windows Defender, according to the forum post.
The decryption process is virtually impossible for infected users due to the ransomware's utilization of a custom encoding algorithm.
Subscribe to our newsletter
This increases the risk for anyone who falls victim to this ransomware, as recovery options are limited.
The ransomware builder purchase price and contact information are not provided in the post.
Nevertheless, if a ransomware built with this software encrypts the files of individuals and organizations, they could suffer serious consequences.
This story was first discovered by Daily Dark Web, a Twitter use who publishes up-to-date information about the dark web.