Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/tarcisio-marinho/gonnacry

A Linux Ransomware
https://github.com/tarcisio-marinho/gonnacry

aes aes-encryption c crypto-library cryptography decryption encryption linux linux-ransomware malware malware-analysis malware-development openssl python python-2 ransom-worm ransomware ransomware-prevention rsa-cryptography rsa-key-encryption

Last synced: 7 days ago
JSON representation

A Linux Ransomware

Awesome Lists containing this project

README 

        
# GonnaCry Ransomware



Original Repository of the GonnaCry Ransomware.



GonnaCry is a linux ransomware that encrypts all the user files with a strong encryption scheme.



This project is OpenSource, feel free to use, study and/or send pull request.



[![Travis branch](https://img.shields.io/travis/rust-lang/rust/master.svg)](https://github.com/tarcisio-marinho/GonnaCry)

[![Travis branch](https://img.shields.io/cran/l/devtools.svg)](https://github.com/tarcisio-marinho/GonnaCry/blob/master/LICENSE)

[![Travis branch](https://img.shields.io/badge/made%20with-%3C3-red.svg)](https://github.com/tarcisio-marinho/GonnaCry)

[![Travis branch](https://img.shields.io/github/stars/tarcisio-marinho/GonnaCry.svg)](https://github.com/tarcisio-marinho/GonnaCry/stargazers)

    

-------------



**Ransomware Impact on industry**



https://medium.com/@tarcisioma/how-can-a-malware-encrypt-a-company-existence-c7ed584f66b3



**How this ransomware encryption scheme works:**



https://medium.com/@tarcisioma/ransomware-encryption-techniques-696531d07bb9



**How this ransomware works:**



https://0x00sec.org/t/how-ransomware-works-and-gonnacry-linux-ransomware/4594



https://medium.com/@tarcisioma/how-ransomware-works-and-gonnacry-linux-ransomware-17f77a549114



**Mentions:**



https://www.sentinelone.com/blog/sentinelone-detects-prevents-wsl-abuse/



https://hackingvision.com/2017/07/18/gonnacry-linux-ransomware/



https://www.youtube.com/watch?v=gSfa2L158Uw



-------------



# Disclaimer



This Ransomware mustn't be used to harm/threat/hurt other person's computer.



Its purpose is only to share knowledge and awareness about Malware/Cryptography/Operating Systems/Programming.



GonnaCry is an academic ransomware made for learning and awareness about security/cryptography.



**Be aware running C/bin/GonnaCry or Python/GonnaCry/main.py Python/GonnaCry/bin/gonnacry in your computer, it may harm.**



-------------



# What's a Ransomware?



A ransomware is a type of malware that prevents legitimate users from accessing

their device or data and asks for a payment in exchange for the stolen functionality.

They have been used for mass extortion in various forms, but the

most successful one seems to be encrypting ransomware: most of the user data are

encrypted and the key can be obtained paying the attacker.

To be widely successful a ransomware must fulfill three properties:



**Property 1**: The hostile binary code must not contain any secret (e.g. deciphering

keys). At least not in an easily retrievable form, indeed white box cryptography

can be applied to ransomware.



**Property 2**: Only the author of the attack should be able to decrypt the

infected device.



**Property 3**: Decrypting one device can not provide any useful information

for other infected devices, in particular the key must not be shared among them.



-------------



# Objectives:



- [x] encrypts all user files with AES-256-CBC.

- [x] Random AES key and IV for each file.

- [x] Works even without internet connection.

- [x] Communication with the server to decrypt Client-private-key.

- [x] encrypts AES key with client-public-key RSA-2048.

- [x] encrypts client-private-key with RSA-2048 server-public-key.

- [x] Changes computer wallpaper -> Gnome, LXDE, KDE, XFCE.

- [x] Decryptor that communicate to server to send keys.

- [x] python webserver

- [x] Daemon

- [ ] Dropper

- [x] Kills databases