WARNING: This program can damage your files! My recommendation is to read the guides and only run it on a virtual machine at your own risk. I cannot be held responsible for any file damage due to running this program on any machine.
According to McAfee:
Ransomware is malware that employs encryption to hold a victim's information at ransom.
Simple Python Ransomware is a simple tool built in Python that does exactly that, in under 100 lines of code. This highlights both the power of Python and the ease of building such malware.
Simple Python Ransomware is built in under 100 lines of code, mostly thanks to the packages cryptography (pip install cryptography) and python-dotenv, but also other packages (argparse, getpass, os, pathlib, smtplib, platform, email).
Before you begin, ensure you have met the following requirements:
- You have Python 3.X.X installed
- You have a Gmail account set to allow less secure apps
- You have read the guide below
To install Simple Python Ransomware, follow these steps:
git clone git@github.com:mihneamanolache/Simple-Python-Ransomware.git && cd Simple-Python-Ransomware
pip3 install -r requirements.txt
Simple Python Ransomware is used both to encrypt and to decrypt files. Before running the script, head over to the .env file and update the following lines using your own information:
gmail_account='<YOUR_GMAIL_ADDRESS>'
gmail_password='<YOUR_GMAIL_PASSWORD>'
After saving the file, you can run the script in the encryption mode by typing:
python3 ransomware.py --directory <DIRECTORY_NAME> [optional] --backup [optional]
Where:
- --directory or -d takes a string as a parameter, which is the location / folder you are targeting (e.g. Desktop, Downloads etc.). If left blank, Simple Python Ransomware will automatically target the Desktop. For specific subdirectories, specify the main directory first (e.g. python3 ransomware.py --d Downloads/Subdirectory).
- --backup or -b doesn't take any parameter and is used to bypass the deletion of the cryptographic key from the system. If used, the key will be stored in the same directory as ransomware.py
ATTENTION! The program will encrypt ALL files in the targeted directory and its subdirectories. The encryption key is set to delete after the script completes! This can lead to possible file damage or loss. USE AT YOUR OWN RISK!
If successful, the script will:
- Encrypt all the files
- Send an email with the cryptographic key to your Gmail account.
In order to decrypt the files encrypted before, all you need to do is pass the cryptographic key as a string to the program, as follows:
python3 ransomware.py --key <YOUR_CRYPTOGRAPHIC_KEY>
You can retrieve the cryptographic key either from the email sent before, or from the cryptographic_key.key file, if you used the --backup argument.
ATTENTION! The directory should also be specified using the -d argument, provided that it was used to encrypt files in directories other than Desktop.
IMPORTANT: This tool is only for testing and academic purposes and can be used where strict consent has been given. Do not use it for illegal purposes! It is the end user’s responsibility to obey all applicable local, state and federal laws. I assume no liability and am not responsible for any misuse or damage caused by this tool and software in general.
python3 ransomware.py -d Downloads
Files encrypted on all levels under 'Downloads':
python3 ransomware.py --key 70ZAg0MsYFtoXckQa-T1mydyZja3zdKJaOj8pZr8ypE= -d Downloads
[ ! ] Note that the key is the same one received in the email. In a real-world scenario, the attacker would have to deliver the key to the victim in order to decrypt the files.
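For incident-response triage after a run like the one above, the following added example (not part of the original project) walks a directory and flags files whose contents have the structure of a Fernet token, plus any leftover cryptographic_key.key. It assumes the tool uses Fernet from the cryptography package, which this README does not state (the sample key above has the 44-character URL-safe base64 shape of a Fernet key), and that each encrypted file holds exactly one token; looks_like_fernet_token and triage are hypothetical names.

```python
import base64
import struct
import sys
import time
from pathlib import Path

FERNET_VERSION = 0x80                    # first byte of every Fernet token
HEADER_LEN = 1 + 8 + 16                  # version, timestamp, IV
HMAC_LEN = 32
MIN_TOKEN_LEN = HEADER_LEN + 16 + HMAC_LEN   # at least one AES block


def looks_like_fernet_token(data: bytes) -> bool:
    """Structural check only: no key is needed and nothing is decrypted."""
    try:
        # Strict decoding: an encrypted file is assumed to be pure base64.
        raw = base64.b64decode(data.strip(), altchars=b"-_", validate=True)
    except ValueError:
        return False
    if len(raw) < MIN_TOKEN_LEN or raw[0] != FERNET_VERSION:
        return False
    # The ciphertext is AES-CBC, so it must be a whole number of 16-byte blocks.
    if (len(raw) - HEADER_LEN - HMAC_LEN) % 16 != 0:
        return False
    (timestamp,) = struct.unpack(">Q", raw[1:9])
    # Reject zero and future timestamps (one day of clock skew allowed).
    return 0 < timestamp <= time.time() + 86400


def triage(directory: Path) -> dict:
    """Sort files into token-shaped, leftover key files, and untouched."""
    report = {"encrypted": [], "key_files": [], "untouched": []}
    for path in sorted(p for p in directory.rglob("*") if p.is_file()):
        if path.name == "cryptographic_key.key":   # file name taken from this README
            report["key_files"].append(path)
        elif looks_like_fernet_token(path.read_bytes()):
            report["encrypted"].append(path)
        else:
            report["untouched"].append(path)
    return report


if __name__ == "__main__":
    target = Path(sys.argv[1]) if len(sys.argv) > 1 else Path(".")
    for label, paths in triage(target).items():
        print(f"{label}: {len(paths)}")
        for p in paths:
            print(f"  {p}")
```

A cryptographic_key.key found during triage means the --backup option was used and the files are recoverable without the emailed key.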