https://github.com/phantom0004/krypt0s-ransomware_poc

KRYPTOS is a sophisticated Python-based ransomware proof of concept (POC) designed for educational purposes. It encrypts files on Windows machines, focusing on persistence and stealth. Additionally, it includes a fake ransomware screen resembling WannaCry, with all information being fictional.
https://github.com/phantom0004/krypt0s-ransomware_poc

aes cryptography educational encyrption learning malware poc prevention proof-of-concept python ransomware ransomware-builder simulation stealth teaching testing virtual windows windows-10 windows-11

Last synced: 8 months ago
JSON representation

KRYPTOS is a sophisticated Python-based ransomware proof of concept (POC) designed for educational purposes. It encrypts files on Windows machines, focusing on persistence and stealth. Additionally, it includes a fake ransomware screen resembling WannaCry, with all information being fictional.

• Host: GitHub
• URL: https://github.com/phantom0004/krypt0s-ransomware_poc
• Owner: phantom0004
• License: mit
• Created: 2024-06-16T10:49:39.000Z (almost 2 years ago)
• Default Branch: main
• Last Pushed: 2024-09-17T08:54:33.000Z (over 1 year ago)
• Last Synced: 2024-10-11T14:03:58.182Z (over 1 year ago)
• Topics: aes, cryptography, educational, encyrption, learning, malware, poc, prevention, proof-of-concept, python, ransomware, ransomware-builder, simulation, stealth, teaching, testing, virtual, windows, windows-10, windows-11
• Language: Python
• Homepage:
• Size: 12.3 MB
• Stars: 5
• Watchers: 1
• Forks: 2
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          


# KRYPT0S : Encrypt, Conceal, Control  

### *Proof-of-Concept Ransomware Wiper*  









[![Status: PoC](https://img.shields.io/badge/Status-Proof--of--Concept-orange.svg)](#)

[![Platform: Windows](https://img.shields.io/badge/Platform-Windows-blue.svg)](#)

[![Python 3.8+](https://img.shields.io/badge/Python-3.8%2B-green.svg)](#)



---

## ⚠️ Warning: Legal and Ethical Disclaimer

> **This project is intended solely for educational purposes** and **must be executed only in a controlled, sandboxed environment.**  

>  

> **Unauthorized or real-world use is highly illegal** and may result in **criminal penalties** including imprisonment. The creator of this project disclaims all responsibility for misuse or damages.  

>

> **YOU HAVE BEEN WARNED.**

This repository includes a built-in kill switch to ensure it does not cause irreparable harm. **The goal is NOT to harm** but to facilitate learning about ransomware mechanics—**for academic and cybersecurity research purposes only**.

---

## Project Overview

### About KRYPT0S

**KRYPT0S** is a **Python-based ransomware simulation** crafted to reveal the **inner workings of real-world ransomware**. Its primary objective is to help cybersecurity professionals, researchers, and enthusiasts **understand** ransomware behaviors and **develop** effective defense strategies.

### Key Features

- **Complex Encryption Handling**  

  Utilizes AES encryption to lock files on Windows systems.

- **Persistence and Stealth**  

  Modifies system settings to run in the background and survive reboots.

- **Ransomware Screen**  

  Mimics a WannaCry-style interface (all Bitcoin addresses and data are fake for simulation).

- **Stealth Tactics**  

  Disables Windows Defender, stops security services, and deletes shadow copies.

- **Parallel Encryption**  

  Employs multithreading to encrypt files across all drives quickly.

- **Event Log Removal**  

  Attempts to wipe Windows event logs to conceal its tracks.

- **Vast Encryption Scope**  

  Encrypts various file types—including `.exe` files in critical directories—for maximum disruption.

- **Secure Keys**  

  Generates and protects encryption keys in memory, complicating forensic analysis.

- **Change System Wallpaper**  

  Simulates altering the system wallpaper to instill fear (no actual risk if kill switch is enabled).

---

## Detailed Functionality

### No Decryption Function Present

A **defining characteristic** of KRYPT0S is that there is **no built-in decryption** capability. Once encrypted:

- **File extensions** are changed, complicating recovery efforts.  

- Infections on multiple machines lead to **chaotic** decryption attempts.  

- Victims may be tricked into paying a ransom—but **true recovery is unlikely**.  

- The absence of a decryption routine **underscores** the gravity of ransomware threats and the necessity for strong cybersecurity measures.

### Ransomware Screen

KRYPT0S includes a **fake ransomware screen** for realistic testing scenarios:

- **Fake Bitcoin Details**  

  All addresses and information are fabricated for demonstration only.

- **Simulated Buttons**  

  The user interface is purely illustrative—no real transactions occur.

- **Lockdown Interface**  

  Closes off the “X” button and Alt+F4, making forced termination more challenging.

- **Enhanced Persistence**  

  Continuously rechecks specific registry keys, hindering manual removal attempts.



  



---

## Ethical and Safe Usage

KRYPT0S is intended for **academic and training** settings within **sandboxed** environments. A **kill switch** stops its malicious behavior if certain conditions are met, reducing the likelihood of unintentional damage.

### Running the Simulation

1. **Convert and Execute**  

   - Convert the Python scripts (`.py`) into executables (`.exe`) with the provided converter script.  

   - Launch **`KRYPT0S.exe`**; **`Screen.exe`** will run afterward to simulate the ransomware interface.  

2. **Windows Environment Only**  

   - The converter supports **Windows only**. Execution on UNIX-based systems is not supported.

Once running:

- KRYPT0S **scans all drives** and encrypts files with targeted extensions.  

- `.exe` files in crucial directories (like `/Downloads` or `/OneDrive`) are also encrypted, potentially causing a **system meltdown** due to disabled essential programs.  

- This highlights the **catastrophic impact** of true ransomware, emphasizing the importance of strong security measures.

### Kryptos in Action

**Aftermath of the Attack**  



  






**Encrypted Files**  



  



---

## Conclusion

KRYPT0S is a **powerful educational tool** for illustrating the **complexity and risk** posed by modern ransomware. Properly understanding ransomware behavior is essential for IT professionals and security researchers to build **stronger defenses**. Always use this project under **legal, ethical constraints** and in **isolated** test environments.