Prince now has a Windows Defender flag, namely “Ransom:Win64/PrinceRansom.YAA!MTB”. This means that Prince Ransomware will no longer bypass Windows Defender without modifications to remove the signature.
If, for whatever reason, bypassing Windows Defender is a priority for you, contact me on Telegram and I will accept payment for any changes you may require.
Prince is a ransomware written from scratch in Go. It uses a mixture of ChaCha20 and ECIES cryptography in order to encrypt files securely so that they cannot be recovered by traditional recovery tools.
Files which have been encrypted by Prince can only be decrypted using the corresponding decryptor.
Build.bat
file.Builder.exe
file in the current directory.Builder.exe
program.Encryptor
and Decryptor
directories, as it will not be able to build them otherwise.Prince-Built.exe
file is the encryptor. Use caution when handling it as it can cause a lot of damage to your system.Decryptor-Built.exe
file is the decryptor. It will only decrypt files which were decrypted by the corresponding encryptor.I chose this unique combination of encryption methods for several reasons:
For more information click here.
Introduction In the world of cybersecurity, knowledge is power. One of the most powerful skillsets…
Introduction In the vast ocean of the internet, the most powerful tool you already have…
Pystinger is a Python-based tool that enables SOCKS4 proxying and port mapping through webshells. It…
Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…
Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…
If you are working with Linux or writing bash scripts, one of the most common…