cyanmischa (Member, Thread Author) - Joined: July 11, 2025 - Messages: 7 - Reaction score: 0 - Points: 1 - #1
In https://x.com/DailyDarkWeb/status/2044591836467958167 there are reports of someone claiming to be the HybridPetya owner and selling HybridPetya source code. However, I know that this is a scam, because 'HybridPetya' is the incorrect name of the ransomware as reported by ESET Security. In reality, the correct names are notpetyanew, notpetya_new, improved_notpetyanew, and notpetyanew_improved_final, and those are four different ransomwares, not one ransomware like ESET is claiming. If the real notjanus were to publish those source codes, he would not use the incorrect name 'HybridPetya' but would refer to the ransomware using the correct names, and would sell the four ransomwares separately. Therefore, this proves that the 'HybridPetya' source code sale is a scam.
The correct description of four different ransomwares:
notpetyanew → first encrypts files with AES-256-CBC, then asks for UAC, and then encrypts the MBR and MFT with Salsa20
notpetya_new → uses the same file encryption as notpetyanew but works in pure UEFI; it encrypts the MFT and FAT with Salsa20 but uses a 128-bit key for the MFT and a 256-bit key for the FAT
improved_notpetyanew → a notpetya_new variation with a bugfixed UEFI bootloader that throws an error when it detects a read-only disk, and that detects if notpetya_new encrypted the files
notpetyanew_improved_final → encrypts files, infects the UEFI and MBR bootloaders, and checks for a 0xFFFFFFFF file size
If notjanus ever were to publish the real source code of those four ransomwares, you would be able to verify the legitimacy of the source by checking if the code of the ransomware matches the description. If the code mismatches any of the descriptions, you know it's fake. If the inner 16-bit notpetya kernel is only available in raw form (like in RedPetyaOpenSSL) or is in the form of a disassembly and not human readable code, that's another sign that the source code is fake.
It is recommended to use cyanmischa ransomware, which encrypts files with salsa40, works in Windows NT 3.5 and up and Windows 95 and up, and has error correction codes so that user can misspell personal decryption code and final decryption key. http://darknet77vonbqeatfsnawm5jtno...s/how-to-compile-cyanmischa-ransomware.37573/ The full source code of cyanmischa is available for free, all the instructions to compile are given, all the encryptions are verifiable through the source code. I don't sell anything except for decryption, and the source code is not encrypted unless you specifically run cyanmischa on a PC that contains cyanmischa source code, so you know that cyanmischa is fully legitimate ransomware, and if someone claims to sell cyanmischa source code, it's definitely fake.