PS: This project is purely academic, use at your own risk. I will not condone, in any way, the use of this software illegally or to attack targets without their authorization.
Ransomware is a type of malicious software, also known as malware, that is designed to block access to a victim's computer system and encrypt their files until a ransom is paid to the attacker.
Ransomware can be distributed through a variety of methods, including phishing emails, infected websites, and social engineering tactics. Once installed on a victim's system, the ransomware can spread to other computers and networks, further increasing the damage.
This project was developed as part of the Red Team in Clalit Health Care. It will encrypt all of your files in the background using AES-256-CTR, and asymetric encryption, Using RSA public key and the padding scheme from PKCS #1 v1.5 to secure the key exchange with the server.
The project is composed by three parts, the Server, Encrypter and Decrypter.
The Server stores the victim's Hostname & Local IPv4 addresses along with the encryption key used by the malware.
- Encrypts files using AES-256-CTR(Counter Mode) with random IV for each file.
- Multithreading (Calculates the best approach for each thread)
- RSA and the padding scheme from PKCS #1 v1.5 to secure the client/server communication
- Includes an Encrypter
- Uses AES CTR Cypher with stream encryption to avoid loading an entire file into memory.
DON'T RUN encrypter.exe IN YOUR PERSONAL MACHINE, EXECUTE ONLY IN A TEST ENVIRONMENT! It will encrypt all your disks! First, download the project outside your $GOPATH:
git clone https://github.com/maorsabag/safecrypt
cd safecryptGetting the dependencies needed for Golang
make requirementsCompiling Everything!
makeCompiling the Keygen
make keys
.\bin\keygen.exeThis will generate a public_key.pem and private_key.pem in the current folder.
The public_key.pem will be used by the Encrypter and the private_key.pem will be used by the Server for decrypt the encryption key together with the target information.
Move both files to the assets folder.
Compiling the Decrypter The console one needs to have the encryption key hard-coded. After getting the key from the server, change the variable: hexKey at line 20 and compile it.
make decryptCompiling the Encrypter
make encryptCompiling the Server By default the server is compiled to linux to run the server in the cloud
make backendSetting the .env file Create a .env file in the same directory as the server binary with the following content:
TELEGRAM_API
TELEGRAM_GROUP
You can get the TELEGRAM_API from https://my.telegram.org/apps and the TELEGRAM_GROUP is the chat ID of the group you want to send the messages to. You can get it by adding the bot to the group and sending a message, then using the getUpdates method from the Telegram Bot API.
