Povlsomware Ransomware is an open source ransomware available on github. It is written in C# and claims to test the "ransomware protection claims" by Anti-malware / security solutions. It operates much like most ransomware families, deleting backups, encrypting user files while avoiding system directories, purposefully, and displaying a ransom note to the victim. Interestingly, the ransomware does not append a new extension to the encrypted file names, so the files do not look different when viewed in a directory. It also intentionally does not to move laterally, Since it is opensource anyone malicious actor can make it do so, and use it as a part of their attack chain.
Another significant features of this ransomware that makes it hard to detect and analyze is its ability of being executed by Cobalt Strike's execute-assembly function, which allows a payload to be run through memory from a Cobalt Strike server without dropping a payload onto the victim system.
Download Povlsomware Ransomware Source
Povlsomware Ransomware Signatures
Family: Ransom:MSIL/RnToad.SL!MTB
MD5: c7cfaca6501361febe27a6b3e66a61bf
SHA256: fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44
Povlsomware Ransomware Download