This is an attempt to create a POC of Crypto Ransomware. Please use this for only educational purposes only. More details and explaination about the POC Crypto Ransomware Framework are defined in Creating a POC Crypto Ransomware - 1
-
Apache+PHP Stack for C&C Server I have developed everything on Kali Machine as attacker machine. I didnt test this on Windows Machine.
-
Windows Machine to act as Victim Machine Please avoid legacy machines that are below Windows XP. I am using WMI wrappers which might not work in those machines
-
Python, Microsoft Visual C++ Compiler for Python 2.7, Pycrypto installed on Windows Machine I understand that malware should not be dependent with third party requirements other than built-in features of the victim. Considering, this is just a POC not a malware and for easy readability, I have used Python and above packages.
- Copy "C&C" folder in Apache Web Server.
- Copy "Ransomware" folder to Windows Machine
- First run generate_dga.py and choose one of the domains and add it to Windows /etc/hosts linking to your attacking machine
- Start Apache Web Server
- Execute ransomware.py
- Your files in Desktop with given extensions are encrypted
- Browse summary.txt in victim_manager in Apache Web Server to see the folder related to the victim
- Copy the .pem suffixed file to Victim Windows Machine
- Run decrypt.py with .pem file as argument
- Encrypted files are decrypted
Note: Please delete the folder related to the victim in 'victims' folder for multiple testing in same environment.
For a working example, check the final workflow section in Creating a POC Crypto Ransomware - 6
Check this out to have better understanding of Ransomware and this framework. Creating a POC Crypto Ransomware - 1