时空索引>> Ransomware>> 返回
项目作者: strmrider

项目描述 :
Ransomware application
高级语言: Python
项目地址: git://github.com/strmrider/Ransomware.git
创建时间: 2021-02-18T13:24:14Z
项目社区:https://github.com/strmrider/Ransomware
开源协议:
下载


Ransomware

Simple and effective ransomware application

Features

  • Strong AES Encryption
  • Safe server-payload communication
  • Payload’s data tracking and restoration options
  • Supports several options of tracking target files including full paths, root folders and using extensions or strict filenames
  • Supports target’s machine (terminal or graphic) UI for messaging and files recovery
  • Payload compilation for more convenient portable option
  • Easy graphic payload geneartor
  • Custom victim message and ransom details

Payload

The payload runs on the target’s machine and responsible for several tasks:

  • Establish connection with the server and register its data
  • Locate target files on local machine’s file system
  • Encrypt the files and update the server about the process
  • Run the defined user interface and notify the target machine’s users about the attack
  • Provide target files decryption and restoration interface

    Generator

    Run plgenerator.py to load the payload generator window, where the payload’s data is defined:
  • Server’s ip and port addresses
  • Rasnom time in hours and json file containing the target files (see taregts files section)
  • Payment data (optional- in case paymant is requiered) such as amount, payment details (such as crypto address) and contact details.
  • User interface- console/terminal (text) or graphic (os window)
  • Payload’s filename (used for disguise) and ID number.
    There are two options for generation: simple generation (.py file) or compilation (executable file) which is more portable.

    Target files

    The target files for encryption are defined in seperate file in JOSN format.
    1. {
    2. "files": {
    3. }
    4. }
    There are two sections:

Files per full path which could save expensive search time:

  1. {
  2.   "files": {
  3.     "fullPath": [
  4.         "C:\Users\User\Documents\file1.txt"
  5.       ]
  6.   }
  7. }

Files per root folder, which may include filenames or extensions:

  1. {
  2.   "files": {
  3.     "fullPath": [
  4.       "C:\Users\User\Documents\file1.txt"
  5.     ],
  6.     "roots": [
  7.       {
  8.         "paths": ["C:/Users/User/Documents", "C:/Users/User/videos"],
  9.         "files": [
  10.           "accounts",
  11.           "trip"
  12.         ],
  13.         "extensions": [
  14.           ".py",
  15.           ".exe",
  16.           ".mp4",
  17.           ".doc"
  18.         ]
  19.       }
  20.     ]
  21.   }
  22. }

Recovery

The files can be restored by inserting the cipher key and decrypting them throught the user inetrface once the attack is completed.

Safety option

As the program was written for educaiotnal purpose soley it does not remove the encryption key from the victim’s machine and provide a recovery option by revealing the key by a click of a button.

Server

The server is used for payload registeriaiton, activation and storing their data and operation status. The payloads inform the server about the target files that were located and update their encryption status, send a copy of the generated cipher key and notify when an attacked is executed. The data can be extarcted any time and restored to the payloads when their activity is halted.

The server runs on the terminal and supports the following commands:

  1. Prints all registered payload
  2. >>> all
  3. Prints single payload where id is the desired payload's id
  4. >>> pl id 
  5. Quites server
  6. >>> q