{"id":14976601,"url":"https://github.com/phantom0004/krypt0s-ransomware_poc","last_synced_at":"2025-10-27T21:30:38.305Z","repository":{"id":244692208,"uuid":"815845717","full_name":"phantom0004/KRYPT0S-Ransomware_POC","owner":"phantom0004","description":"KRYPTOS is a sophisticated Python-based ransomware proof of concept (POC) designed for educational purposes. It encrypts files on Windows machines, focusing on persistence and stealth. Additionally, it includes a fake ransomware screen resembling WannaCry, with all information being fictional.","archived":false,"fork":false,"pushed_at":"2024-09-17T08:54:33.000Z","size":12876,"stargazers_count":5,"open_issues_count":0,"forks_count":2,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-10-11T14:03:58.182Z","etag":null,"topics":["aes","cryptography","educational","encyrption","learning","malware","poc","prevention","proof-of-concept","python","ransomware","ransomware-builder","simulation","stealth","teaching","testing","virtual","windows","windows-10","windows-11"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/phantom0004.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-06-16T10:49:39.000Z","updated_at":"2024-09-18T19:31:59.000Z","dependencies_parsed_at":"2024-06-16T19:40:34.701Z","dependency_job_id":"4d2021f8-a068-4474-b454-4a50dbf4a8dc","html_url":"https://github.com/phantom0004/KRYPT0S-Ransomware_POC","commit_stats":{"total_commits":207,"total_committers":3,"mean_commits":69.0,"dds":"0.20772946859903385","last_synced_commit":"a4bcc901fe3396fd2364084f5bc908f0518fd2ba"},"previous_names":["phantom0004/_krypt0s_ransomware","phantom0004/krypt0s-ransomware_poc"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phantom0004%2FKRYPT0S-Ransomware_POC","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phantom0004%2FKRYPT0S-Ransomware_POC/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phantom0004%2FKRYPT0S-Ransomware_POC/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phantom0004%2FKRYPT0S-Ransomware_POC/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/phantom0004","download_url":"https://codeload.github.com/phantom0004/KRYPT0S-Ransomware_POC/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":219860724,"owners_count":16556014,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aes","cryptography","educational","encyrption","learning","malware","poc","prevention","proof-of-concept","python","ransomware","ransomware-builder","simulation","stealth","teaching","testing","virtual","windows","windows-10","windows-11"],"created_at":"2024-09-24T13:54:07.417Z","updated_at":"2025-10-27T21:30:37.706Z","avatar_url":"https://github.com/phantom0004.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n\n# KRYPT0S : Encrypt, Conceal, Control  \n### *Proof-of-Concept Ransomware Wiper*  \n\n\u003cbr\u003e\n\n\u003cimg src=\"https://github.com/user-attachments/assets/8f59a03b-5222-41f1-b370-3ed15ef1b735\" alt=\"KRYPT0S Banner\" width=\"600\" height=\"400\"/\u003e\n\n\u003cbr\u003e\n\n[![Status: PoC](https://img.shields.io/badge/Status-Proof--of--Concept-orange.svg)](#)\n[![Platform: Windows](https://img.shields.io/badge/Platform-Windows-blue.svg)](#)\n[![Python 3.8+](https://img.shields.io/badge/Python-3.8%2B-green.svg)](#)\n\n\u003c/div\u003e\n\n---\n\n## ⚠️ Warning: Legal and Ethical Disclaimer\n\u003e **This project is intended solely for educational purposes** and **must be executed only in a controlled, sandboxed environment.**  \n\u003e  \n\u003e **Unauthorized or real-world use is highly illegal** and may result in **criminal penalties** including imprisonment. The creator of this project disclaims all responsibility for misuse or damages.  \n\u003e\n\u003e **YOU HAVE BEEN WARNED.**\n\nThis repository includes a built-in kill switch to ensure it does not cause irreparable harm. **The goal is NOT to harm** but to facilitate learning about ransomware mechanics—**for academic and cybersecurity research purposes only**.\n\n---\n\n## Project Overview\n\n### About KRYPT0S\n**KRYPT0S** is a **Python-based ransomware simulation** crafted to reveal the **inner workings of real-world ransomware**. Its primary objective is to help cybersecurity professionals, researchers, and enthusiasts **understand** ransomware behaviors and **develop** effective defense strategies.\n\n### Key Features\n- **Complex Encryption Handling**  \n  Utilizes AES encryption to lock files on Windows systems.\n- **Persistence and Stealth**  \n  Modifies system settings to run in the background and survive reboots.\n- **Ransomware Screen**  \n  Mimics a WannaCry-style interface (all Bitcoin addresses and data are fake for simulation).\n- **Stealth Tactics**  \n  Disables Windows Defender, stops security services, and deletes shadow copies.\n- **Parallel Encryption**  \n  Employs multithreading to encrypt files across all drives quickly.\n- **Event Log Removal**  \n  Attempts to wipe Windows event logs to conceal its tracks.\n- **Vast Encryption Scope**  \n  Encrypts various file types—including `.exe` files in critical directories—for maximum disruption.\n- **Secure Keys**  \n  Generates and protects encryption keys in memory, complicating forensic analysis.\n- **Change System Wallpaper**  \n  Simulates altering the system wallpaper to instill fear (no actual risk if kill switch is enabled).\n\n---\n\n## Detailed Functionality\n\n### No Decryption Function Present\nA **defining characteristic** of KRYPT0S is that there is **no built-in decryption** capability. Once encrypted:\n- **File extensions** are changed, complicating recovery efforts.  \n- Infections on multiple machines lead to **chaotic** decryption attempts.  \n- Victims may be tricked into paying a ransom—but **true recovery is unlikely**.  \n- The absence of a decryption routine **underscores** the gravity of ransomware threats and the necessity for strong cybersecurity measures.\n\n### Ransomware Screen\nKRYPT0S includes a **fake ransomware screen** for realistic testing scenarios:\n- **Fake Bitcoin Details**  \n  All addresses and information are fabricated for demonstration only.\n- **Simulated Buttons**  \n  The user interface is purely illustrative—no real transactions occur.\n- **Lockdown Interface**  \n  Closes off the “X” button and Alt+F4, making forced termination more challenging.\n- **Enhanced Persistence**  \n  Continuously rechecks specific registry keys, hindering manual removal attempts.\n\n\u003cdiv align=\"center\"\u003e\n  \u003cimg src=\"https://github.com/user-attachments/assets/d3d7814d-7520-484a-b510-c3b9c5ad07c4\" alt=\"Ransomware Screen\" width=\"600\" height=\"500\"/\u003e\n\u003c/div\u003e\n\n---\n\n## Ethical and Safe Usage\nKRYPT0S is intended for **academic and training** settings within **sandboxed** environments. A **kill switch** stops its malicious behavior if certain conditions are met, reducing the likelihood of unintentional damage.\n\n### Running the Simulation\n1. **Convert and Execute**  \n   - Convert the Python scripts (`.py`) into executables (`.exe`) with the provided converter script.  \n   - Launch **`KRYPT0S.exe`**; **`Screen.exe`** will run afterward to simulate the ransomware interface.  \n2. **Windows Environment Only**  \n   - The converter supports **Windows only**. Execution on UNIX-based systems is not supported.\n\nOnce running:\n- KRYPT0S **scans all drives** and encrypts files with targeted extensions.  \n- `.exe` files in crucial directories (like `/Downloads` or `/OneDrive`) are also encrypted, potentially causing a **system meltdown** due to disabled essential programs.  \n- This highlights the **catastrophic impact** of true ransomware, emphasizing the importance of strong security measures.\n\n### Kryptos in Action\n**Aftermath of the Attack**  \n\u003cdiv align=\"center\"\u003e\n  \u003cimg src=\"https://github.com/user-attachments/assets/d99e527d-c4dc-4503-b03a-ea3ef7b69a76\" alt=\"Aftermath of the Attack\" width=\"900\" height=\"500\"/\u003e\n\u003c/div\u003e\n\n\u003cbr\u003e\n\n**Encrypted Files**  \n\u003cdiv align=\"center\"\u003e\n  \u003cimg src=\"https://github.com/user-attachments/assets/6d9cd5a8-93a7-4663-af5e-6981fc7fa9b9\" alt=\"Encrypted Files\" width=\"900\" height=\"500\"/\u003e\n\u003c/div\u003e\n\n---\n\n## Conclusion\nKRYPT0S is a **powerful educational tool** for illustrating the **complexity and risk** posed by modern ransomware. Properly understanding ransomware behavior is essential for IT professionals and security researchers to build **stronger defenses**. Always use this project under **legal, ethical constraints** and in **isolated** test environments.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fphantom0004%2Fkrypt0s-ransomware_poc","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fphantom0004%2Fkrypt0s-ransomware_poc","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fphantom0004%2Fkrypt0s-ransomware_poc/lists"}