InvaderX – a newly established Ransomware-as-a-Service (RaaS) program on the Dark Web

The program is actively seeking teams of experienced pentesters to join its partnership program.

Here are the key details of this dangerous and sophisticated ransomware:
Written in Rust for speed and reliability.
Unique configuration format using Twofish encryption and serialization.
Utilizes the XChaCha12 encryption algorithm with parallelism, where keys are encrypted each time using ECIES (Elliptic Curve Integrated Encryption Scheme).
Implements a proprietary file-based one-time number (nonce) generator to prevent keystream theft.

Three encryption modes are available:
Header-only mode.
Smart mode (based on metadata hashing).
Full encryption mode.

Key features include:
Disk and shared folder encryption on Windows.
Automatic discovery of shared folders.
Asynchronous file indexing.
Privilege escalation for process termination and service disruption.
SMB network spread capabilities.

For ESXi systems:
Each binary morphs and re-encrypts itself with every launch.
Snapshots and VMs are deleted, along with shell history.
Optional secure self-deletion after execution.
Ignores most signals that could interrupt operation.

Additional services like DDoS attacks and other custom requests are available to advertisers.

Note: InvaderX explicitly states they do not target countries in the CIS or BRICS regions. First contact is via PM.

If you’re an MSSP, a SOC or a pentester looking to expand your service portfolio and unlock new revenue streams, don’t hesitate to contact ParanoidLab!