Vissransomware except in addition to encrypting data it plays a 10 hour supercut of all yotubes worst jarjar binks impressions and zingers forever until they pay
ransomware except it turns on 2fa for you and doesnt give you the recovery email or codes til you pay
ransomware except it ioncube encrypts your wordpress blog and posts nothing but the most cringe, embarrasing memes from 9gag every hour til you pay
ransomware except it signs you up to every mailing list for every vendor at rsa with your personal mobile phone and resubscribes you every 24 hours using mail aliases til you pay
ransomware except it uses hacked openclaw instances and stolen elevenlabs api keys to text-to-speech all new posts on moltbook.com/m/blesstheirhearts, then call you in random intervals 1-15 mins and read them to you aloud on every platform, starting with discord, then signal, then teams then eventually going to mobile phone. then hires bike messenger types to come ring your doorbell and read them to you in person telegram style
ransomware except it just leaks the mailspools of the c suite instead of encrypting anything
ransomware except it creates an ooo responder in o365 that has a btc address in it, a link to a nonexistent onlyfans page and a footer with a lobster emoji and text that says 'sent from my openclaw'
ransomware except it targets twitter users and posts as them advertising cryptoscams, feet pics and starts flamewars with super angry political nutbags
ransomware except it does the super 2005 era shit like rotating your windows display, or changing the keyboard layout to dvorak and occasionally displaying a qr code to a btc wallet til you pay. and it pushes that shit to the c-suite and board members first
ransomware except it just changes all the creds to all your switches, routers and firewalls
ransomware except the only thing it encrypts is that absolutely gargantuan landfill fileshare you have where everyone puts their shit and theres no permissions model and everyone can see everything, so its the companies giant junk drawer
ransomware except it only specifically targets aws, azure and gcp environments that are using tagging, thinking that coutns as network segmentation
ransomware except snoops mailspools, teams and slack, then forwards threads/screenshots to regulators where people in security departments are openly laughing about having lied to make it past compilance and regulatory rules/laws
ransomware except it forces only the executive staff, from managers and up, to retake the phishing training testing over and over again, and functions as a paywall on macs and windows boxes preventing them from using their computers untill they complete the training. and it spreads to their home devices, and specifically targets iphones and ipads of their kids as well
ransomware except it leaks c-suite and board member browser histories for the last 90 days
ransomware except it randomly selects 100 staff members and gives them a 5000 dollar daily bonus for every day that they follow the CEO around singing happy birthday, the song that never ends, the rebecca black friday friday song, the macarena or its a small world over and over again until the ransom is paid. the bonuses come out of the executive leadership bonus pool
ransomware except it volunteers you to be a boothbabe what whatever vendors that still use booth babes at rsa and blackhat
ransomware except that it specifically finds any machines that still have diskette drives in them and plays the mexican hat dance, the imperial march, or the mario theme on them either until their stepper motors burn out, or the ransom is paid
ransomware except, stuxnet style, specifically looks for any computers that are interfaces to mainframes, are mainframe adjacent, or otherwise in a critical workflow path, pauses all the queues in the mainframe, empies them, then rms all the regular computers. doesnt even aim for a ransom. overwrites the bootloader with the nyancat one, except instead of a cat its the fight club bar of soap
WinterKnight 
@Viss we’ve got new bootloader overwrites now too!
@winterknight1337 show me :D
@Viss the only one I have a picture of is this. we found a payload that overwrites a bootloader with flappy bird, I’ve got it as a one liner (and more) that I can send you :D
@winterknight1337 this is fucking spectacular
@Viss one of our new guys found it and I was so, so happy.
@Viss Here's the gist with the payloads
https://gist.github.com/winterknight1337/ebc236af597f3e93aeaa2882168ad748. These were compiled by one of the students and shared with us.
h/t @da_667
https://infosec.exchange/@da_667/116291164722073458
malware except it only infects networking appliances that can make pc speaker beeps and boops and forces them to loop through a cacophany of all the shit we used to play on the pc speaker as kids.
mario, doom music, heretic music, descent, star wars, various shit from the mod days
ransomware except it uses cordura, pegasus or whatever the popular iphone 0day factory is current to randomly light up siri to try and awkwardly flirt with you. it has detection for if youre in a meeting, or traveling, and does the ingress thing to measure delicate changes in accelerometer, gait analysis, nearby bt addresses and more. it pipes up when it knows youre on a zoom/teams call, or in line at the bank or dmv
ransomware except it replaces every alpine base image in your kubernetes clusters with hannah montana linux
ransomware except it deploys 500,000 lambda instances under your aws account that all run python cryptominers
this has been 'ransomware noodling with viss'.
if you select any one of these to use in a scenario, or mention as a real threat to your org, please link to this thread or give me a hat tip or something. that would be kind of you.
bonus points if you hire Phobos to run a tabletop.
waitwaitwait i have one more!
ransomware but it ONLY targets orgs that use ms teams, and it spiders the entire calendar looking for any meetings that are open, and joins them with a virtual webcam and plays the never gonna give you up video - it joins randomly between 1-10 minutes into the meeting, repeatedly, forever, for every meeting.
until you pay
Bryan L. Fordham@Viss That idea will never let you down
AethonPoint that one at any trust in the UK health service. Guaranteed results. No one knows anything, including the so called IT teams. I could tell stories….
Sadly, you could warn them all you like and they would just shrug. I still get emails regularly (don’t ask, it’s a story involving a temp Job a decade ago) singing the praises of copilot for my daily admin.
Ron Bowes
`Da Elf
Fritz Adalis@Viss
See, this thread is what real thought leadership is.
See, this thread is what real thought leadership is.
Pxl Phile@FritzAdalis @Viss thought leadership. I haven't heard this term since Twitter times...
Paul_IPv6well, not currently in a place to hire phobos but i can be *damned sure* i don't ever want to piss you off. :D
jesterchen42@Viss Wow.
I'll sure as hell send a link to this to our BCM staff rn!
Gary Blosser@Viss That could make for a very interesting tabletop scenario piece 🤣
@zombie042 think of this entire thread this way
if this is the shit im giving away
what am i saving for customers who pay me to run tabletops for them? :D
@Viss Been in a meeting since 7am, will have to look through the others. I do the same though, have some great tabletops I developed and don't share 😀
@zombie042 muahahha, maybe we can tagteam in the future! that would be super fun
FishermansEnemy 「漁師の敵」 @Viss ransomware except it changes your key map to en_gb
◄◄ ► █ ►►@Viss the irony is that after a long career in computing my first gut reaction is "oh thank fuck" to every single one of these. "peace at last." :)
materializing variations@Viss You are a monster
B05H
Mark Daniels-Wr. 🟢@Viss this is truly demonic, the horror, have they no honour?
Scott Wilson
elltee
J4ck@Viss okay, so hear me out...
What if, and we can decide who later, we just disallow reply-all without some kind of quiz first?
Like two lists, one list allows reply-all's and the other list only gets reply-all's when they figure out Neal.fun's password game or something.
@jackryder what youre tired of 'what garlic bread are you' quizzes being sent around the office littered with 1995 flavored clipart, and massive, purple cursive font email signatures?
@Viss How about
import subprocess
import time
CMD = ["eject", "-t"]
DELAY_SECONDS = 1.0
def main():
while True:
try:
subprocess.run(CMD, check=False)
except Exception:
# ignore errors and continue
pass
time.sleep(DELAY_SECONDS)
if __name__ == "__main__":
main()
@scottwilson can ... can laptops do the pc speaker beep anymore? is that even still a thing?
@Viss Oooh that would be great. I don't know!
da_667@Viss @scottwilson I don't know about laptops, but my ali-express chinesium pfSense router can.
@da_667 @scottwilson HOLY FUCK YES OH MY GOD
schrotthaufen@Viss @scottwilson Ubuntu is really obnoxious if you remove pcspkr from the modules blacklist
@schrotthaufen @scottwilson how many companies have onsite servers now that they can actually hear?
@Viss @scottwilson If you can hit the resonance frequency of spinning platter drives with loud enough beeps, even the c suite execs will hear it :P
Chip
"Musty Bits" McGee@Viss did you see master boot record? I feel like I've sent you them before or you might have seen them