Should open source ransomware be banned?

Ransomware has been a growing concern since the last couple of years as the rate and cost of the related incidents saw major increases year over year. In response, NGOs, journalists, and security vendors started to educate the public in this respect. Various security companies invest effort and time in building solutions that would help people and businesses mitigate the ransomware threats. In spite of all these, the rate of incidents continued to grow in 2016 and is projected to increase in 2017 as well. According to an analysis conducted by Kaspersky, the number of new ransomware families increased by 62, and the number of ransomware variations tripled in Q4 2016 compared to Q1 2016.

Obviously, ransomware is a major security issue for consumers and businesses alike, but in spite of that, we can still easily find tools and pieces of code that can help anyone deliver ransomware attacks. We have covered here the availability of ransomware-as-a-service, which makes such attacks easy for people without development skills but willing to pay a certain amount of money.

Today, let’s have a look at what is available for those who have some coding skills (and may not be willing to invest money into an attack).


A simple search on GitHub, one of the most popular open source code repositories, with the keyword “ransomware” yields 209 results. These results include code that can be used to build ransomware in various programming and scripting languages. Some of the users publishing such content claim that the code is there for educational purposes while others give out detailed instructions on how to create ransomware starting from the code snippets available on their Git repository. All one needs to do is select the preferred programming language to narrow down the results, and start building their ransomware, all beefed up with encryption/decryption functionality, command server communication protocols and ransom UI.

GitHub search results for “ransomware”


A similar search on YouTube, for the string ““how to build” ransomware” yields around 2,700 results. A good portion of them can be used as instructions on how to package malware in general and ransomware, in particular, primary methods of eluding detection as well as most efficient delivery ways (phishing, embedding as macros, etc.).

YouTube search results for “”how to build” ransomware”


Similar searches on Google, apart from showing some of the video results that YouTube shows, returns a significant number of other web resources. Some of the results point to blogs and other websites that give instructions on how to build ransomware, but not the majority. Upon closer examination, most of the results are about how to mitigate the ransomware risk or how to create defenses against ransomware.

Having a wealth of information on how to make ransomware, as well as usable code that helps achieve such goals clearly has consequences and these consequences fuel an ongoing debate around limiting the availability of such information.

Among the negative effects, we can quickly identify the following:

  • An increase in the number of potential attackers;
  • Ultimately, an increase in the number of attacks;
  • An increase in the number of unique ransomware variants that may be harder to detect than the known base families;

The positive consequences part of this debate revolve around raising awareness and the educational benefits of having such information available, but the opponents argue that such purposes can be served without going into specifics that allow reusing code or technology for malicious purposes.

It remains to be seen what happens next: will there be control measures to restrict access to complete open source ransomware code and very detailed information on how to build ransomware, or the things will remain as they are today. It will be interesting to monitor the evolution of this debate, in parallel with the evolution of ransomware as a phenomenon.

How can we help

TEMASOFT supports the idea of sharing ransomware-related information responsibly and, at the same time, builds technology able to detect unique ransomware variants and able to restore files lost to successful ransomware attacks.This technology will soon be available.

For more information, follow us on social media and subscribe to our newsletter.