Prince now has a Windows Defender flag, namely “Ransom:Win64/PrinceRansom.YAA!MTB”. This means that Prince Ransomware will no longer bypass Windows Defender without modifications to remove the signature.
If, for whatever reason, bypassing Windows Defender is a priority for you, contact me on Telegram and I will accept payment for any changes you may require.
Prince is a ransomware written from scratch in Go. It uses a mixture of ChaCha20 and ECIES cryptography in order to encrypt files securely so that they cannot be recovered by traditional recovery tools.
Files which have been encrypted by Prince can only be decrypted using the corresponding decryptor.
Build.bat
file.Builder.exe
file in the current directory.Builder.exe
program.Encryptor
and Decryptor
directories, as it will not be able to build them otherwise.Prince-Built.exe
file is the encryptor. Use caution when handling it as it can cause a lot of damage to your system.Decryptor-Built.exe
file is the decryptor. It will only decrypt files which were decrypted by the corresponding encryptor.I chose this unique combination of encryption methods for several reasons:
For more information click here.
The cp command, short for "copy," is the main Linux utility for duplicating files and directories. Whether…
Introduction In digital investigations, images often hold more information than meets the eye. With the…
The cat command short for concatenate, It is a fast and versatile tool for viewing and merging…
What is a Port? A port in networking acts like a gateway that directs data…
The ls command is fundamental for anyone working with Linux. It’s used to display the files and…
The pwd (Print Working Directory) command is essential for navigating the Linux filesystem. It instantly shows your…