Ransomware is easier than you think. Material, guides, tools and payloads already exist, so what's your excuse? Many low-level groups with little to no skill or knowledge have been seen using the Conti playbook 1:1 (even using the same RDP passwords) and still managed to make a decent living.

--- [ Conti Playbook: https://github.com/ForbiddenProgrammer/conti-pentester-guide-leak

Ransomware payloads by the biggest groups recycle a lot of code. Below are some you could use, edit and recompile to fit your own operations.

--- [ RAAS Payloads: https://www.vx-underground.org/archive.html, https://github.com/gharty03/Conti-Ransomware, https://web.archive.org/web/20210828054142/https://codeload.github.com/leonv024/RAASNet/zip/refs/heads/master, https://www.blackhillsinfosec.com/bitlocker-ransomware-using-bitlocker-for-nefarious-reasons/

There are many ways to get an initial foothold in a company's network, none of which require a high degree of skill, knowledge or the use of fancy 0days. A lot of attacks use already discovered vulnerabilities and exploits commonly found on GitHub.

--- [ https://enlacehacktivista.org/index.php?title=Learn_to_hack#Initial_Access

1. Scan the internet en masse to find outdated software that's externally facing and exploit it with public exploits from exploit-db and GitHub.

--- [ https://enlacehacktivista.org/index.php?title=OpRussia, https://enlacehacktivista.org/index.php?title=Learn_to_hack#CVE_POCs, https://www.exploit-db.com, https://github.com/

2. Phish. Phishing remains #1.

--- [ https://enlacehacktivista.org/index.php?title=Learn_to_hack#Phishing

3. Buy employee credentials from credential marketplaces such as Genesis. Look for RDP, "admin", VPN, RMMs of any kind. Lapsus$ showed that all you need to do to pwn a big company are the employee's Slack channel cookies. Ransomware groups commonly use RDP for lateral movement (the terminal is too scary, it seems). RDP, as we know by now, stands for "Ransomware Deployment Protocol".

--- [ https://genesis.market/guest/login/index

4. Mass bruteforce RDP, SSH and any other protocols that could land you a sufficient foothold.

--- [ NLBrute, Brutespray (https://github.com/x90skysn3k/brutespray) or something custom

As you can see, all the tools you need are freely and readily available for anyone to use. Go rent a cheap VPS (pay with XMR and connect with Tor), throw a Cobalt Strike teamserver on it, set up some redirectors, a sexy profile and start slinging your beacons around.

--- [ https://docs.metasploit.com/docs/using-metasploit/getting-started/nightly-installers.html, https://github.com/c0sette/Cobalt4.4, https://enlacehacktivista.org/index.php?title=Learn_to_hack#Active%20Directory, https://docs.google.com/spreadsheets/d/1b4mUxa6cDQuTV2BPC6aA-GR4zGZi0ooPYtBe4IgPsSc/edit, https://github.com/infosecn1nja/Red-Teaming-Toolkit