Looking for affiliates for ransomware operations (Desolator)

New Member | Joined: May 19, 2025 | Messages: 1 | Reaction score: 0 | Points: 1

We are looking for:
- Corporate insiders (IT/Admin/Helpdesk) willing to monetize their access
- Access brokers with valid RDP/VPN/Domain access to mid-large orgs
- Social engineers skilled at initial intrusion, phishing, or physical infiltration
- Employees with USB access or local privileges (AD-connected machines are a priority)
- POA (Proof of access) needed, with OPSEC considerations for your safety


What we offer:
- No pre-pay (we don't buy access, we split the ransom)
- High revenue splits (90/10, you/us) or even higher depending on target revenue
- Partnership with freelance pentesters and gangs
- Safe, fully compartmentalized ops (no tracebacks, full OPSEC handled)
- Quick comms, payments via preferred method (XMR, escrow if required)


The process:
- Each affiliate receives a unique build of the locker with their custom config for free. You can handle the negotiations and ransom demand yourself
- Victims can ask for a decryption proof which we handle
- If victims pay the ransom, affiliates receive their unique decryption tool in exchange for 10% of the ransom


Targets:
- Any country, company or high-value targets, including individuals. We don't care what/who your target is :)


Desolator Ransomware Features:
- The following features are implemented in the ransomware:
> No need for internet connection and key exchange, operates fully offline
> Fully secure hybrid encryption using optimized custom ChaCha20 + RSA for key encryption (random key per-file)
> Fast and multi-threaded file discovery and encryption using Windows thread pool and asynchronous I/O using IOCP
> Anti-debugging, anti-sandboxing, anti-forensics mechanisms
> Smart file encryption mode using 3 tier model:
• small files - full encryption
• medium files - head/tail encryption
• large files - chunked interval encryption
> Set icon & wallpaper
> Clears event logs, volume shadow copies and Windows backups
> Disables ETW and blocks DLL load action
> Bypass Windows Defender AV and tamper protection mechanism
> Custom ransom note
> Generate encryption report file
> Terminate processes & services
> Self-overwrite & self-deletion
> Reboot after encryption
> Self-propagation in Active Directory Environment with and without credentials + persistence
> Automatic VM force stop and snapshot removal (ESXi version)
> Session detaching and persistence (ESXi version)


Reach out via Session or Tox:
- Session ID: 054ed5c279e4d25add442a8dbe8092c2b7649370f3e61f32234cf78de051449b1e
- ToX ID: 02B45B82EAD67AEDDC0879940088600FA9DD6356CD00BAF05121720591DA603E5EE1C276FF3A

Demo:
- Here are some demo videos to see how Desolator ransomware operates in Windows, Active Directory and ESXi environments:
