Heimdall is an open-source ransomware variant written in PHP that targets web servers reached through compromised Remote Desktop Protocol (RDP) connections and file transfers. It is designed to encrypt all files within the server's root folder using the AES-128-CBC algorithm. Heimdall provides operators with a GUI that allows them to set a password for the encrypted files, leave a ransom note for the victim, and track the ransomware variant's activity. The developer behind Heimdall released the code publicly on GitHub.com, reportedly for "educational" purposes, but researchers have repeatedly noted that this practice is dangerous and often leads to spin-off variants created and used by criminals for profit. After an article about Heimdall was published by Bleeping Computer, the developer removed the code from GitHub. However, it is unknown how many times the code had been downloaded prior to its removal.
- Bleeping Computer provides more information about Heimdall here.
- The NJCCIC is not aware of any decryption tools available for Heimdall.