⚠️ Important notes :
- This project is for educational purposes only.
- It must be run on a virtual machine or on docker
This program encrypts the contents of target files using AES-128.
On success, it add extiontion .ft encrypted files.
It will only act on files whose extensions have been targetted by Wannacry.
Encrypted files can be restored using the secret key.
This program only targets specific files:
- located inside
$HOME/infectiondirectory - have extensions which are listed in
wannacry_file_extensions.txtfile
example
$> tree ~/infection
~/infection
├── dir0
│ ├── empty0.docx
│ ├── empty1.docx
│ ├── empty2.docx
│ ├── empty3.docx
│ ├── empty4.docx
│ └── empty5.docx
├── dir1
│ ├── long0.123
│ ├── long1.123
│ └── long2.123
├── dir2
│ ├── test1.txt.ft
│ ├── test2.txt.ft
│ └── test3.txt.ft
├── dir3
├── file1.docx
├── file2.docx
└── no_perm.key
usage: stockholm.py [-h] [-v] [-r KEY] [-s]
optional arguments:
-h, --help show this help message and exit
-v, --version show the version of the program
-r KEY, --reverse KEY
reverse the infection using the key
-s, --silent the program will not produce any output
- run
./stockholm.py
$> pip freeze
pycryptodome==3.19.0