Povlsomware is an open-source ransomware available on GitHub. It is written in C# and claims to test the "ransomware protection claims" made by anti-malware and security solutions. It operates much like most ransomware families: it deletes backups, encrypts user files while purposefully avoiding system directories, and displays a ransom note to the victim. Interestingly, the ransomware does not append a new extension to encrypted file names, so the files do not look different when viewed in a directory. It also intentionally does not move laterally. However, since it is open source, any malicious actor can make it do so and use it as part of their attack chain.
Another significant feature of this ransomware, which makes it hard to detect and analyze, is that it can be executed through Cobalt Strike's execute-assembly function, which allows a payload to be run in memory from a Cobalt Strike server without dropping a payload onto the victim system.
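Because the encrypted files keep their original names, a sweep for unfamiliar extensions will not find them. The following is an added example, not code from the original page or from the Povlsomware project: it flags files whose leading bytes no longer match the format their extension promises. The signature table, the entropy threshold and the function names are assumptions chosen for illustration.

```python
import math
import os
from collections import Counter

# Constructed table (assumption): extension -> magic bytes a healthy file starts with.
MAGIC = {
    ".pdf": [b"%PDF-"],
    ".png": [b"\x89PNG\r\n\x1a\n"],
    ".jpg": [b"\xff\xd8\xff"],
    ".docx": [b"PK\x03\x04"],
    ".zip": [b"PK\x03\x04"],
}
ENTROPY_THRESHOLD = 7.2  # assumed cut-off in bits per byte; tune on your own data


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify(name: str, head: bytes) -> str:
    """Compare a file's first bytes with what its extension says it should be."""
    ext = os.path.splitext(name)[1].lower()
    sigs = MAGIC.get(ext)
    if sigs is None:
        return "unknown-type"        # no signature on record, cannot judge
    if any(head.startswith(s) for s in sigs):
        return "ok"
    if shannon_entropy(head) >= ENTROPY_THRESHOLD:
        return "suspect-encrypted"   # wrong header and near-random content
    return "mismatch"                # wrong header; short files land here too


def scan(root: str, sample: int = 4096):
    """Yield (path, verdict) for files under root whose header does not match."""
    for dirpath, _, files in os.walk(root):
        for f in files:
            path = os.path.join(dirpath, f)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(sample)
            except OSError:
                continue             # unreadable or locked file: skip it
            verdict = classify(f, head)
            if verdict in ("suspect-encrypted", "mismatch"):
                yield path, verdict
```

Both verdicts are worth reviewing: a short encrypted file cannot reach the entropy threshold and is reported as a plain mismatch.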