.png)
Code samples reside here on GitHub. Get in Touch to order your personalized tool
RansomCryWare is a form of malware that prevent legitimate users from accessing their device or data and asks for a payment in exchange for the stolen functionality. They have been used for mass extortion in various forms, but the most successful seem to be encrypting ransomware: most of the user data are encrypted and the key can be retrieved with a payment to the attacker. To be widely successful a ransomware must fulfill three properties:
Property 1: The hostile binary code must not contain any secret (e.g. deciphering keys). At least not in an easily retrievable form, indeed white box cryptography can be applied to ransomware.
Property 2: Only the author of the attack should be able to decrypt the infected device.
Property 3: Decrypting one device can not provide any useful information for other infected devices, in particular the key must not be shared among them.
- encrypt all user files with AES-256-CBC.
- Random AES key and IV for each file.
- Works even without internet connection.
- Communication with the server to decrypt Client-private-key.
- encrypt AES key with client-public-key RSA-2048.
- encrypt client-private-key with RSA-2048 server-public-key.
- Change computer wallpaper -> Gnome, LXDE, KDE, XFCE.
- Decryptor that communicate to server to send keys.
- python webserver
- Daemon
- Kill databases
