Prince Ransomware - An Open Source Ransomware Builder That Automatically Build Ransomware Freely Available in GitHub - Cyber Security News

WithSecure Labs security analysts noted multiple instances of Prince Ransomware-based attacks, including a prominent case in February 2025, when Taiwan’s Mackay Memorial Hospital fell victim to “CrazyHunter” ransomware. This architecture represents a significant evolution in the ransomware threat landscape, enabling a new generation of cyber attackers to deploy sophisticated encryption capabilities with minimal technical knowledge. The tool’s architecture enables even those with limited technical expertise to generate fully functional ransomware by simply modifying a configuration file to customize elements like ransom notes and encrypted file extensions. Attack vectors vary by deployment, but in documented cases, attackers combined Prince-built ransomware with defense evasion techniques like “Bring Your Own Vulnerable Driver” (BYOVD) and lateral movement tools such as SharpGPOAbuse to maximize impact across networks. ---------- Prince Ransomware ---------- Your files have been encrypted using Prince Ransomware! They can only be decrypted by paying us a ransom in cryptocurrency. The researchers found that Prince Ransomware generates variants with minimally modified ransom notes, demonstrating how little customization is needed to deploy new ransomware strains. This combination has proven particularly effective, allowing threat actors to disable security products and spread ransomware throughout organizational networks. For each file, the builder generates a unique ChaCha20 key and nonce, then encrypts using a pattern where 1 byte is encrypted followed by 2 bytes left unencrypted. This Go-language builder was freely available on GitHub, significantly lowering the technical barrier for attackers to launch sophisticated ransomware campaigns. The ChaCha20 key and nonce are encrypted using an ECIES public key and appended to the file beginning, making decryption without the private key extremely difficult. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news. The encryption mechanism employed by Prince Ransomware demonstrates considerable sophistication.

This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 03 Apr 2025 06:40:16 +0000


Cyber News related to Prince Ransomware - An Open Source Ransomware Builder That Automatically Build Ransomware Freely Available in GitHub - Cyber Security News

Prince Ransomware - An Open Source Ransomware Builder That Automatically Build Ransomware Freely Available in GitHub - Cyber Security News - WithSecure Labs security analysts noted multiple instances of Prince Ransomware-based attacks, including a prominent case in February 2025, when Taiwan’s Mackay Memorial Hospital fell victim to “CrazyHunter” ransomware. This ...
1 month ago Cybersecuritynews.com
10 Best Ransomware Protection Tools - 2025 - It protects devices from ransomware and other cyber threats using advanced threat intelligence, behavioral analysis, and cloud-based technology. It monitors and prevents ransomware assaults on personal files and automatically restores encrypted ...
3 months ago Cybersecuritynews.com
10 Best Ransomware File Decryptor Tools in 2025 - Kaspersky Rakhni Decryptor contains different decryption tools based on various versions of Rakhni ransomware and helps you decrypt encrypted files on your system. PyLocky Ransomware Decryption Tool is a free and open source developed and released by ...
1 month ago Cybersecuritynews.com
Prince Ransomware Hits UK and US via Royal Mail Phishing Scam - The ransomware encrypts files on the victim’s computer, adding the “.womp” extension, and displays a ransom note demanding payment in Bitcoin for decryption. The attack, known as the “Prince Ransomware,” utilizes a ...
7 months ago Gbhackers.com
The Rise of Cyber Insurance - What CISOs Need to Consider - Cyber insurance offers not just financial protection against potentially devastating cyber incidents but also provides frameworks for improving security posture, access to specialized resources, and support during crisis scenarios. Beyond financial ...
1 month ago Cybersecuritynews.com
Wazuh: Building robust cybersecurity architecture with open source tools - Building a cybersecurity architecture requires organizations to leverage several security tools to provide multi-layer security in an ever-changing threat landscape. Leveraging open source tools and solutions to build a cybersecurity architecture ...
1 year ago Bleepingcomputer.com
Wazuh: Building robust cybersecurity architecture with open source tools - Building a cybersecurity architecture requires organizations to leverage several security tools to provide multi-layer security in an ever-changing threat landscape. Leveraging open source tools and solutions to build a cybersecurity architecture ...
1 year ago Bleepingcomputer.com
CrazyHunter Hacker Group Using Open-Source Tools from GitHub to Attack Organizations - Once they’ve gained sufficient control, they deploy their ransomware, encrypting files with the “.Hunter” extension and leaving a ransom note titled “Decryption Instructions.txt” while also changing the victim’s ...
1 month ago Cybersecuritynews.com
Are the Fears about the EU Cyber Resilience Act Justified? - "The draft cyber resilience act approved by the Industry, Research and Energy Committee aims to ensure that products with digital features, e.g. phones or toys, are secure to use, resilient against cyber threats and provide enough information about ...
1 year ago Securityboulevard.com
Are the Fears About the EU Cyber Resilience Act Justified? - On Wednesday, July 19, the European Parliament voted in favor of a major new legal framework regarding cybersecurity: the Cyber Resilience Act. The act enters murky waters when it comes to open-source software. It typically accounts for 70% to 90% of ...
1 year ago Feeds.dzone.com
CVE-2024-26626 - In the Linux kernel, the following vulnerability has been resolved: ...
1 year ago
Open Source Password Managers: Overview, Pros & Cons - There are many proprietary password managers on the market for those who want an out-of-the box solution, and then there are open source password managers for those wanting a more customizable option. In this article, we explain how open source ...
1 year ago Techrepublic.com
Top 30 Best Penetration Testing Tools - 2025 - The tool supports various protocols and offers advanced filtering and analysis capabilities, making it ideal for diagnosing network issues, investigating security incidents, and understanding complex network interactions during penetration testing. ...
1 month ago Cybersecuritynews.com
Three Key Threats Fueling the Future of Cyber Attacks - Improvements in cyber security and business continuity are helping to combat encryption-based ransomware attacks, yet the cyber threat landscape is continually evolving. Protecting an organization against intrusion remains a cat and mouse game, in ...
1 year ago Cyberdefensemagazine.com
Fighting ransomware: A guide to getting the right cybersecurity insurance - While the cybersecurity risk insurance market has been around for more than 20 years, the rapidly changing nature of attacks and the rise in the ransomware epidemic has markedly changed the nature of cyber insurance in recent years. It's more ...
1 year ago Scmagazine.com
Cyber Insurance for Businesses: Navigating Coverage - To mitigate these risks, many businesses opt for cyber insurance. With the wide range of policies available, navigating the world of cyber insurance can be overwhelming. In this article, we will delve into the complexities of cyber insurance and ...
1 year ago Securityzap.com
Uncertainty Is the Biggest Challenge to Australia's Cyber Security Strategy - Political shifts could lead to changes in Australia's cyber security strategy. Early in 2023, as the Australian government started to craft its cyber security vision, it met with opposition at both ends of the political spectrum. On the right wing, ...
1 year ago Techrepublic.com
Cyber Insurance: A Smart Investment to Protect Your Business from Cyber Threats in 2023 - Don't wait until it's too late - get cyber insurance today and secure your business for tomorrow. According to the U.S. Federal Trade Commission, cyber insurance is a particular type of insurance that helps businesses mitigate financial losses ...
1 year ago Cyberdefensemagazine.com
What CIRCIA Means for Critical Infrastructure Providers and How Breach and Attack Simulation Can Help - Cyber Defense Magazine - To prepare themselves for future attacks, organizations can utilize BAS to simulate real-world attacks against their security ecosystem, recreating attack scenarios specific to their critical infrastructure sector and function within that sector, ...
7 months ago Cyberdefensemagazine.com Akira
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
IT Professionals in ASEAN Confronting Rising Cyber Security Risks - The ASEAN region is seeing more cyber attacks as digitisation advances. In July 2023, the Association of Southeast Asian Nations officially opened a joint cyber security information sharing and research centre, or Cybersecurity and Information Centre ...
1 year ago Techrepublic.com
APT32 Hackers Weaponizing GitHub to Attack Cybersecurity Professionals & Enterprises - The malware, detected by ThreatBook analysts as Trojan.CobaltGate, employs a multi-stage infection chain beginning with socially engineered GitHub repositories posing as legitimate penetration testing tools. This technique allows the malware to blend ...
1 month ago Cybersecuritynews.com APT3 APT32
CVE-2023-30853 - Gradle Build Action allows users to execute a Gradle Build in their GitHub Actions workflow. A vulnerability impacts GitHub workflows using the Gradle Build Action prior to version 2.4.2 that have executed the Gradle Build Tool with the configuration ...
2 years ago
Securing the code: navigating code and GitHub secrets scanning - Enter the world of GitHub secrets scanning tools, the vigilant sentinels of your digital gala. Secrets scanning in GitHub is anchored by two fundamental strategies: proactive prevention and reactive detection, each serving a critical function in ...
1 year ago Securityboulevard.com
Launching Your First Open Source Project - I've been deeply immersed in the world of developer products for the past decade, and let me tell you, I've been quite an open-source enthusiast. Over the years, I've had the pleasure of shepherding open-source projects of all shapes and sizes. ...
1 year ago Feeds.dzone.com Cactus