Vissransomware except in addition to encrypting data it plays a 10 hour supercut of all yotubes worst jarjar binks impressions and zingers forever until they pay
ransomware except it turns on 2fa for you and doesnt give you the recovery email or codes til you pay
ransomware except it ioncube encrypts your wordpress blog and posts nothing but the most cringe, embarrasing memes from 9gag every hour til you pay
ransomware except it signs you up to every mailing list for every vendor at rsa with your personal mobile phone and resubscribes you every 24 hours using mail aliases til you pay
ransomware except it uses hacked openclaw instances and stolen elevenlabs api keys to text-to-speech all new posts on moltbook.com/m/blesstheirhearts, then call you in random intervals 1-15 mins and read them to you aloud on every platform, starting with discord, then signal, then teams then eventually going to mobile phone. then hires bike messenger types to come ring your doorbell and read them to you in person telegram style
ransomware except it just leaks the mailspools of the c suite instead of encrypting anything
ransomware except it targets twitter users and posts as them advertising cryptoscams, feet pics and starts flamewars with super angry political nutbags
ransomware except it does the super 2005 era shit like rotating your windows display, or changing the keyboard layout to dvorak and occasionally displaying a qr code to a btc wallet til you pay. and it pushes that shit to the c-suite and board members first
ransomware except it just changes all the creds to all your switches, routers and firewalls
ransomware except the only thing it encrypts is that absolutely gargantuan landfill fileshare you have where everyone puts their shit and theres no permissions model and everyone can see everything, so its the companies giant junk drawer
ransomware except it only specifically targets aws, azure and gcp environments that are using tagging, thinking that coutns as network segmentation
ransomware except snoops mailspools, teams and slack, then forwards threads/screenshots to regulators where people in security departments are openly laughing about having lied to make it past compilance and regulatory rules/laws
ransomware except it forces only the executive staff, from managers and up, to retake the phishing training testing over and over again, and functions as a paywall on macs and windows boxes preventing them from using their computers untill they complete the training. and it spreads to their home devices, and specifically targets iphones and ipads of their kids as well
ransomware except it leaks c-suite and board member browser histories for the last 90 days
ransomware except it randomly selects 100 staff members and gives them a 5000 dollar daily bonus for every day that they follow the CEO around singing happy birthday, the song that never ends, the rebecca black friday friday song, the macarena or its a small world over and over again until the ransom is paid. the bonuses come out of the executive leadership bonus pool
ransomware except it volunteers you to be a boothbabe what whatever vendors that still use booth babes at rsa and blackhat
ransomware except it signs absolutely every single person in the company who has an email address up to the elon musk fan club
ransomware except that it specifically finds any machines that still have diskette drives in them and plays the mexican hat dance, the imperial march, or the mario theme on them either until their stepper motors burn out, or the ransom is paid
ransomware except, stuxnet style, specifically looks for any computers that are interfaces to mainframes, are mainframe adjacent, or otherwise in a critical workflow path, pauses all the queues in the mainframe, empies them, then rms all the regular computers. doesnt even aim for a ransom. overwrites the bootloader with the nyancat one, except instead of a cat its the fight club bar of soap
WinterKnight 
@Viss we’ve got new bootloader overwrites now too!
@winterknight1337 show me :D
@Viss the only one I have a picture of is this. we found a payload that overwrites a bootloader with flappy bird, I’ve got it as a one liner (and more) that I can send you :D
@winterknight1337 this is fucking spectacular
@Viss one of our new guys found it and I was so, so happy.
@Viss Here's the gist with the payloads
https://gist.github.com/winterknight1337/ebc236af597f3e93aeaa2882168ad748. These were compiled by one of the students and shared with us.
h/t @da_667
https://infosec.exchange/@da_667/116291164722073458
malware except it only infects networking appliances that can make pc speaker beeps and boops and forces them to loop through a cacophany of all the shit we used to play on the pc speaker as kids.
mario, doom music, heretic music, descent, star wars, various shit from the mod days
ransomware except it uses cordura, pegasus or whatever the popular iphone 0day factory is current to randomly light up siri to try and awkwardly flirt with you. it has detection for if youre in a meeting, or traveling, and does the ingress thing to measure delicate changes in accelerometer, gait analysis, nearby bt addresses and more. it pipes up when it knows youre on a zoom/teams call, or in line at the bank or dmv
ransomware except it replaces every alpine base image in your kubernetes clusters with hannah montana linux
ransomware except it deploys 500,000 lambda instances under your aws account that all run python cryptominers
Gary Blosser@Viss That could make for a very interesting tabletop scenario piece 🤣
FishermansEnemy 「漁師の敵」 @Viss ransomware except it changes your key map to en_gb
◄◄ ► █ ►►
rx13 
@Viss
This is pretty similar to what they actually do. They're a little more sneaky about it to make reverting difficult for victims.
The actor gets admin on a victim cloud account, then spin up an account they control. They set up cross account sharing from the victim account (AWS RAM), and then deploy the cryptomining on the account they control using victim compute.
The only thing victim sees is the RAM enablement logs, if they're monitoring at all, and compute charges, but none of the actual compute instances.
materializing variations@Viss You are a monster
B05H
Mark Daniels-Wr. 🟢@Viss this is truly demonic, the horror, have they no honour?
Paul_IPv6
Scott Wilson
J4ck@Viss okay, so hear me out...
What if, and we can decide who later, we just disallow reply-all without some kind of quiz first?
Like two lists, one list allows reply-all's and the other list only gets reply-all's when they figure out Neal.fun's password game or something.
@jackryder what youre tired of 'what garlic bread are you' quizzes being sent around the office littered with 1995 flavored clipart, and massive, purple cursive font email signatures?
@Viss How about
import subprocess
import time
CMD = ["eject", "-t"]
DELAY_SECONDS = 1.0
def main():
while True:
try:
subprocess.run(CMD, check=False)
except Exception:
# ignore errors and continue
pass
time.sleep(DELAY_SECONDS)
if __name__ == "__main__":
main()
@scottwilson can ... can laptops do the pc speaker beep anymore? is that even still a thing?
@Viss Oooh that would be great. I don't know!
da_667@Viss @scottwilson I don't know about laptops, but my ali-express chinesium pfSense router can.
@da_667 @scottwilson HOLY FUCK YES OH MY GOD
schrotthaufen@Viss @scottwilson Ubuntu is really obnoxious if you remove pcspkr from the modules blacklist
@schrotthaufen @scottwilson how many companies have onsite servers now that they can actually hear?
@Viss @scottwilson If you can hit the resonance frequency of spinning platter drives with loud enough beeps, even the c suite execs will hear it :P
Chip
"Musty Bits" McGee@Viss did you see master boot record? I feel like I've sent you them before or you might have seen them
The Doctor@Viss Call it Rabid Weasel. As in "turned on them like a."
Mad Engineering@Viss I can only imagine how many intelligence agencies are now begging for you to work for them, almost all of these would make the world burn.......
@madengineering i have a rate card for them, if theyre creeping (they prolly are). i'd run a fun think tank, i wager
@Viss Ransomware except it sends burglars after they had Taco Bell to clog your toilets while you’re not at home
Patrick Berry