{"id":13841428,"url":"https://github.com/PanagiotisDrakatos/JavaRansomware","last_synced_at":"2025-07-11T12:32:03.268Z","repository":{"id":45536599,"uuid":"76692464","full_name":"PanagiotisDrakatos/JavaRansomware","owner":"PanagiotisDrakatos","description":"Simple Ransomware Tool in Pure Java","archived":false,"fork":false,"pushed_at":"2022-11-16T05:28:43.000Z","size":7333,"stargazers_count":110,"open_issues_count":5,"forks_count":70,"subscribers_count":10,"default_branch":"master","last_synced_at":"2024-08-05T17:27:32.908Z","etag":null,"topics":["educational-software","encryption-decryption","malware","ransomware","security","virus"],"latest_commit_sha":null,"homepage":null,"language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/PanagiotisDrakatos.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-12-16T23:27:34.000Z","updated_at":"2024-08-05T16:07:52.000Z","dependencies_parsed_at":"2023-01-22T01:01:02.740Z","dependency_job_id":null,"html_url":"https://github.com/PanagiotisDrakatos/JavaRansomware","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PanagiotisDrakatos%2FJavaRansomware","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PanagiotisDrakatos%2FJavaRansomware/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PanagiotisDrakatos%2FJavaRansomware/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PanagiotisDrakatos%2FJavaRansomware/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/Git
Hub/owners/PanagiotisDrakatos","download_url":"https://codeload.github.com/PanagiotisDrakatos/JavaRansomware/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225720402,"owners_count":17513597,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["educational-software","encryption-decryption","malware","ransomware","security","virus"],"created_at":"2024-08-04T17:01:10.758Z","updated_at":"2025-07-11T12:32:03.260Z","avatar_url":"https://github.com/PanagiotisDrakatos.png","language":"Java","funding_links":[],"categories":["Java","Java (504)"],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n\n\u003csup\u003eSpecial thanks my followers for supporting me:\u003c/sup\u003e\n\n\u003cdiv\u003e\n\u003cimg src=\"./logo.png\" width=\"230\" alt=\"Warp\" /\u003e\n\u003c/div\u003e\n\u003cb\u003e\nJavaRansomware encrypts a victim’s files through Java, preventing access without a decryption key\nThe code uses standard Java libraries and a custom encryption routine to execute its malicious payload\n\u003c/b\u003e\n\u003cdiv\u003e\n\u003csup\u003eVisit \u003cu\u003ewarp.dev\u003c/u\u003e to learn more.\u003c/sup\u003e\n\u003c/div\u003e\n\n\n\u003chr /\u003e\n\n# JavaRansomware\n\n\u003ca href=\"\"\u003e![build-status](https://ci.appveyor.com/api/projects/status/github/PanagiotisDrakatos/javaransomware?branch=master\u0026svg=true)\u003c/a\u003e\n\u003ca href=\"\"\u003e[![Scc Count 
Badge](https://sloc.xyz/github/PanagiotisDrakatos/JavaRansomware/?category=lines)](https://github.com/PanagiotisDrakatos/JavaRansomware/)\u003c/a\u003e\n\u003ca href=\"\"\u003e![GitHub Repo stars](https://img.shields.io/github/stars/PanagiotisDrakatos/JavaRansomware?style=flat\u0026logoColor=green)\u003c/a\u003e\n\u003ca href=\"\"\u003e![GitHub followers](https://img.shields.io/github/followers/PanagiotisDrakatos?style=flat\u0026logo=green)\u003c/a\u003e\n\u003ca href=\"\"\u003e![GitHub forks](https://img.shields.io/github/forks/PanagiotisDrakatos/JavaRansomware?style=flat\u0026logoColor=green)\u003c/a\u003e\n\u003ca href=\"\"\u003e![GitHub watchers](https://img.shields.io/github/watchers/PanagiotisDrakatos/JavaRansomware?style=flat\u0026logoColor=green)\u003c/a\u003e\n\u003ca href=\"\"\u003e![GitHub contributors](https://badgen.net/github/contributors/PanagiotisDrakatos/JavaRansomware/)\u003c/a\u003e\n\u003ca href=\"\"\u003e![GitHub branches](https://badgen.net/github/branches/PanagiotisDrakatos/JavaRansomware/)\u003c/a\u003e\n\u003ca href=\"\"\u003e![GitHub language count](https://img.shields.io/github/languages/count/PanagiotisDrakatos/JavaRansomware?style=flat\u0026logo=green)\u003c/a\u003e\n\u003ca href=\"\"\u003e![GitHub releases](https://badgen.net/github/releases/PanagiotisDrakatos/JavaRansomware/)\u003c/a\u003e\n\u003ca href=\"\"\u003e![GitHub Issues or Pull Requests](https://img.shields.io/github/issues/PanagiotisDrakatos/JavaRansomware?style=flat)\u003c/a\u003e\n\u003ca href=\"\"\u003e[![GitHub pull requests](https://img.shields.io/github/issues-pr/PanagiotisDrakatos/JavaRansomware.svg)](https://github.com/PanagiotisDrakatos/JavaRansomware/pulls)\u003c/a\u003e\n\u003ca href=\"\"\u003e![GitHub commit](https://badgen.net/github/commits/PanagiotisDrakatos/JavaRansomware)\u003c/a\u003e\n\u003ca href=\"\"\u003e![GitHub Downloads (all assets, all 
releases)](https://img.shields.io/github/downloads/PanagiotisDrakatos/JavaRansomware/total?style=flat\u0026logo=green)\u003c/a\u003e\n\u003ca href=\"\"\u003e![GitHub code size in bytes](https://img.shields.io/github/languages/code-size/PanagiotisDrakatos/JavaRansomware?style=flat)\u003c/a\u003e\n\u003ca href=\"\"\u003e[![GitHub code-size](https://img.shields.io/github/languages/code-size/PanagiotisDrakato/JavaRansomware.svg)]()\u003c/a\u003e\n\u003ca href=\"\"\u003e![GitHub repo size](https://img.shields.io/github/repo-size/PanagiotisDrakatos/JavaRansomware?style=flat\u0026logo=green)\u003c/a\u003e\n\u003ca href=\"\"\u003e[![License](https://img.shields.io/badge/license-Apache-green.svg)](https://github.com/PanagiotisDrakatos/JavaRansomware/blob/master/LICENSE)\u003c/a\u003e\n\n\u003c/div\u003e\n\n\n\u003e **Warning**  \n\u003e This project is intended **solely for educational and research purposes**.  \n\u003e **Do not** use it on any system without explicit permission. Using code like this to compromise systems or data\n\u003e without authorization is illegal and unethical.\n\n## Table of Contents\n\n1. [Project Overview](#project-overview)\n2. [What does ransomware do?](#what-does-ransomware-do)\n3. [Key Features](#key-features)\n4. [Technical Details](#technical-details)\n    - [Encryption Process](#encryption-process)\n    - [Decryption Process](#decryption-process)\n    - [Keys and Security](#keys-and-security)\n5. [Legal Warning](#legal-warning)\n6. [Support](#support)\n7. [Note](#note)\n8. [Contribute](#contribute)\n9. [Authors](#authors)\n10. [License](#license)\n\n## Project Overview\n\n**JavaRansomware** is a proof-of-concept cryptographic ransomware application written in **pure Java**.\nIt demonstrates how a malicious actor might encrypt files on a target machine, hold them for\nransom, and only decrypt them upon certain conditions. 
Ransomware is malware for data kidnapping, an exploit in which\nthe attacker encrypts the victim's files and prevents the victim from accessing them.\n\nAs a teaching tool, this repository illustrates common ransomware tactics:\n\n- Iterating through a file system to find and encrypt targeted files.\n- Employing **AES-256** as the symmetric cipher.\n- Protecting the AES key using **RSA-4096** for additional security.\n\n\u003e **Again**, this software is provided for **educational** and **research** insights into how ransomware threats\n\u003e operate, so security professionals, researchers, and students can better understand and defend against them.\n\n---\n\n## What does ransomware do?\n\nThere are different types of ransomware. However, all of them will prevent you from using your\nPC normally, and they will all ask you to do something before you can use your PC. They can target\nany PC users, whether it’s a home computer, endpoints in an enterprise network, or servers\nused by a government agency or healthcare provider.\n\nRansomware can:\n\n* Prevent you from accessing Windows.\n\n* Encrypt files so you can't use them.\n\n* Stop certain apps from running (like your web browser).\n\nRansomware will demand that you pay money (a “ransom”) to get access to your PC or files. We\nhave also seen them make you complete surveys. There is no guarantee that paying the fine or\ndoing what the ransomware tells you will give access to your PC or files again.\n\n## Key Features\n\n1. **Symmetric Encryption (AES-256)**\n    - Encrypts files using a robust 256-bit key.\n    - Fast and efficient for large volumes of data.\n\n2. **Asymmetric Key Protection (RSA-4096)**\n    - The AES key is encrypted with a 4096-bit RSA public key.\n    - Prevents easy key recovery without the matching RSA private key.\n\n3. **Configurable File Paths**\n    - Specify which folders or directories to target for encryption/decryption.\n\n4. 
**Simple Command-Line Interface**\n    - Takes arguments for path and action (encrypt or decrypt).\n\n5. **Educational-Focused**\n    - The code is structured to highlight each step of the ransomware life cycle.\n    - Clear class and method names to guide understanding.\n\n### Encryption Process\n\n1. **File Discovery**\n    - The ransomware scans a specified directory (recursively) for files to encrypt.\n\n2. **AES Key Generation**\n    - Generates a random 256-bit (32-byte) AES key.\n    - This key protects the actual file contents.\n\n3. **RSA Public Key Encryption**\n    - The generated AES key is itself encrypted with an RSA-4096 public key.\n    - This ensures that only someone with the corresponding private key can decrypt and recover the AES key.\n\n4. **AES File Encryption**\n    - Each targeted file is encrypted with the AES key in **CBC** or **ECB** mode (depending on the implementation in\n      the code).\n    - Encrypted data replaces the original file contents (or is written to a new file).\n\n5. **(Optional) Logging/DB**\n    - The project references an embedded database for storing the victim ID, key references, etc.\n    - In a real scenario, this might be replaced by an online Command \u0026 Control (C2) server.\n\n### Decryption Process\n\n1. **RSA Private Key**\n    - The private key (matching the earlier RSA public key) decrypts the stored AES key.\n\n2. 
**AES File Decryption**\n    - The now-recovered AES key is used to decrypt the files, restoring them to their original contents.\n\n### Keys and Security\n\n- **AES-256** is a symmetric cipher considered secure under modern standards.\n- **RSA-4096** ensures the key exchange is non-trivial to brute force.\n- Combined, these create a typical hybrid encryption model used by many real-world ransomware variants.\n\n## Technical Details\n\nThis project aims to build an almost functional crypto-ransomware for educational purposes, written in pure Java.\nBasically, it encrypts your files in the background using AES-256, a strong encryption algorithm, and uses an RSA-4096 public\nkey to secure the AES symmetric key and store it in an embedded database.\n\nAssume that there is a C\u0026C server that stores the ID and the respective encryption key and may act as a Command\nand Control server in the near future.\n\nFor educational purposes I will not provide the full server source code, as I described in the previous paragraph. Let's\nimagine a simple testing example in which the client by default has the asymmetric encryption keys.\n\nThe easiest way to run this project is to simply run the command below:\n\n ```\n $ mvn clean install\n```\n\nRun the following test to encrypt all files in the path given in the Examples test file,\nand wait until the execution has finished.\n\n ```bash\n    mvn -Dtest=MyTest ExampleTest test\n  ```\n\n\n\u003e DON'T RUN JavaRansomware.jar ON YOUR PERSONAL MACHINE; EXECUTE ONLY IN A TEST ENVIRONMENT (VMWARE)!\n\nIf you want to use the project programmatically, just put the code below in your project and run it. 
Don't forget\nto give input arguments path before executing it.\n\n\u003ch2\u003eJava Manual\u003c/h2\u003e\n\nJDK [21](https://www.oracle.com/java/technologies/javase/jdk21-archive-downloads.html) is required to build and run this\nproject.\n```java\npackage com.security;\n\n\nimport java.nio.file.Path;\nimport java.nio.file.Paths;\nimport java.security.GeneralSecurityException;\n\npublic class Example {\n    private static final String PubicKey = \"MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJCw1HHQooCFGsGhtxNrsdS6dDq5jtfHqqLInCj7qFlDaD/Sll5+BAUjV0GU/c+6PVyMKzmLrHh49eeGQy1ETN8CAwEAAQ==\";\n    private static final String PrivateKey = \"MIIBVAIBADANBgkqhkiG9w0BAQEFAASCAT4wggE6AgEAAkEAkLDUcdCigIUawaG3E2ux1Lp0OrmO18eqosicKPuoWUNoP9KWXn4EBSNXQZT9z7o9XIwrOYuseHj154ZDLURM3wIDAQABAkA9AnLx8tkye+2GTBwYEkcPvfcYc/mpPsXSkehW15Zq3IALx3Kr5GgKGOaB2FK6PU0QzEPQbNJXdA5ZPjwTDcQBAiEA1/zINRVlrLpw2HPfqsYQ8ZSDuG2rVUUKKmKgJQXeQ98CIQCrfsw2+VKOaFoJm5BpVxIT5nsE8CXn4fr/WSFuklMXAQIgTKWnAreCKmbLTvTn5bl+H8zdZaB9kbf7YIk5XYoUky8CIQCL2ccnPYK5ZxelphrKDJtNZzMC/+OpiXtqKIE+7kycAQIgRK/DUhWUgSQV5u7VoCHDyLPCntjFMGBsg7Wi1uq+EDM=\";\n\n\n    public static void main(String[] args) throws RansomwareException, GeneralSecurityException {\n        // Set Whatever path you want to test\n        Path testPath = Paths.get(\"C:\\\\Users\\\\User\\\\Documents\\\\GitHub\\\\JavaRansomware\\\\src\\\\resources\");\n        //Path testPath = Paths.get(Objects.requireNonNull(ExampleTest.class.getResource(\"/test.txt\")).toURI());\n        PipelineData pipelineData = new PipelineData();\n        pipelineData.setPrivateKey(PrivateKey);\n        pipelineData.setPublicKey(PubicKey);\n\n        // Alternative Gen RSA. 
Make sure you save the keypair to a file if not loaded\n//        RSAGenKeyReader.StringKeyPair keyPair=RSAGenKeyReader.generateKeyPair();\n//        pipelineData.setPrivateKey(keyPair.privateKey());\n//        pipelineData.setPublicKey(keyPair.publicKey());\n\n        pipelineData.setRootPath(testPath.toAbsolutePath().toString());\n\n        Pipeline\u003cPipelineData, PipelineData\u003e encrypt_filters = new Pipeline\u003cPipelineData, PipelineData\u003e(new DatabaseRetrieveHandler())\n                .addHandler(new GenSymmetricKeyHandler())\n                .addHandler(new RansomwareEncryptHandler())\n                .addHandler(new EncryptKeyHandler())\n                .addHandler(new DatabaseStoreHandler());\n        var encrypt_output = encrypt_filters.execute(pipelineData);\n        System.out.println(\"Pipeline encrypt_output: \" + encrypt_output);\n\n\n        Pipeline\u003cPipelineData, PipelineData\u003e decrypt_filters = new Pipeline\u003cPipelineData, PipelineData\u003e(new DatabaseRetrieveHandler())\n                .addHandler(new DecryptKeyHandler())\n                .addHandler(new RansomwareDecryptHandler())\n                .addHandler(new DecryptKeyHandler());\n        var decrypt_output = decrypt_filters.execute(pipelineData);\n        System.out.println(\"Pipeline output: \" + decrypt_output);\n    }\n}\n\n```\n\n\n![alt tag](./JavaRansomWare.PNG)\n\n## Legal Warning\nWhile this may be helpful for some, there are significant risks. JavaRansomware may be used only for\neducational purposes. Do not use it as ransomware! You could go to jail if you use it for\nmalicious purposes.\n\n\n## Support\n\nFor support, email panagiotisdrakatos@gmail.com or join me on Discord: panos5427.\nIf you liked using this app or it has helped you in any way,\nI'd like you to send me an email about anything you'd want to say about this software.\nI'd really appreciate it!\n\n## Note\n\n- ⭐️ Give me a Star!! 
JavaRansomware is constantly updating, support us!\n- The analysis was done by me, without obfuscating the source code (with pyarmor or similar).\n- I would not recommend using JavaRansomware with obfuscation, because AV products often flag obfuscated code as a false positive\n  even if it is legitimate.\n\n## Contribute\n\n1. Fork it: git clone https://github.com/PanagiotisDrakatos/JavaRansomware.git\n2. Create your feature branch: ```git checkout -b my-new-feature```\n3. Commit your changes: ```git commit -am 'Add some feature'```\n4. Push to the branch: ```git push origin my-new-feature```\n5. Submit a pull request\n\n## Authors\n\n- [@panagiotisdrakatos](https://github.com/PanagiotisDrakatos)\n\n \n## License\nThis project is distributed under the MIT license version 2.0 (see the LICENSE file in the project root).\n\nBy submitting a pull request to this project, you agree to license your contribution under the MIT license version 2.0\nto this project.\n\n[![MIT License](https://img.shields.io/badge/License-MIT-green.svg)](https://choosealicense.com/licenses/mit/)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FPanagiotisDrakatos%2FJavaRansomware","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FPanagiotisDrakatos%2FJavaRansomware","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FPanagiotisDrakatos%2FJavaRansomware/lists"}