Disclaimer: The sole purpose of this project is educational use, and it must not be employed for malicious purposes. Using this ransomware in any unauthorized way is against the law. Furthermore, it is important to emphasize that we shall not be held responsible for any consequences that may arise if this code is used for illegal purposes or in a wrong way. It is the responsibility of the user to ensure that they comply with all applicable laws and regulations.
A ransomware that uses AES-CBC mode and RSA, and uses a client-server architecture to encrypt .txt files on a client. Right now, the ransomware encrypts all .txt files in the Documents directory. The code could be modified to encrypt all .txt files present on the client's device.
The Server.py file is executed first. It sends emails containing the ransomware to the victims' email addresses stored in its database (this is not visible in the above gif) and starts listening for requests. The victim then executes client.exe, which searches for and encrypts all .txt files in the Documents directory using a randomly generated key and the AES-CBC encryption algorithm.
Next, in the background, client.exe sends a request to the server to obtain a public RSA key. It uses this key to encrypt the randomly generated key and sends it back to the server for storage.
When the victim pays the ransom and decides to decrypt the files (presses enter), the client sends a request to the server to retrieve the unencrypted random key. The server decrypts the encrypted random key using its private RSA key and sends it back to the client. The client then uses this key to decrypt all the previously encrypted .txt files.
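From the defender's side, the behaviour described above leaves a recognisable trace: .txt files whose contents stop looking like text. The following detection sketch is an added example, not code from this project; it assumes the ciphertext is written back as raw bytes (the page does not say), and the thresholds, function names and sample files are constructed for illustration.

```python
import hashlib
import math
import tempfile
from collections import Counter
from pathlib import Path

AES_BLOCK = 16        # AES-CBC output is always a whole number of 16-byte blocks
MIN_SIZE = 1024       # entropy estimates are unreliable on smaller samples
ENTROPY_LIMIT = 7.5   # bits per byte (assumed threshold); plain text usually sits below 5

def shannon_entropy(data: bytes) -> float:
    """Empirical Shannon entropy of data in bits per byte."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def looks_encrypted(data: bytes) -> bool:
    """True when a .txt payload is block-aligned and near-random.
    Assumes raw ciphertext on disk; base64-encoded output would need other signals."""
    return (len(data) >= MIN_SIZE
            and len(data) % AES_BLOCK == 0
            and shannon_entropy(data) >= ENTROPY_LIMIT)

def scan_txt_files(root: Path) -> list[str]:
    """Return the sorted names of .txt files under root that look encrypted."""
    return sorted(p.name for p in root.rglob("*.txt")
                  if p.is_file() and looks_encrypted(p.read_bytes()))

def build_sample_tree(root: Path) -> None:
    """Constructed sample data: two ordinary notes and one ciphertext-like blob."""
    (root / "notes.txt").write_bytes(b"quarterly report" * 64)   # aligned, low entropy
    (root / "todo.txt").write_bytes(b"buy milk\n")               # short plain text
    blob = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(128))
    (root / "budget.txt").write_bytes(blob)                      # 4096 near-random bytes

def demo() -> list[str]:
    """Build the constructed tree in a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_tree(root)
        return scan_txt_files(root)

if __name__ == "__main__":
    print(demo())
```

Block alignment alone is not enough, as notes.txt shows: it is a multiple of 16 bytes but stays unflagged because its entropy is low.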
For more information, please check the report.
This ransomware was created by an amazing team of novice hackers: 👩‍💻
- Hadeer ElHussein
- Maryam ElOraby
- Rawan Reda
- Rowan Amgad