Skip to content
Branch: master
Find file History
Latest commit 9115e73 Oct 27, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
src
talks Building gonnacry first part Feb 20, 2019
.gitignore Update .gitignore Nov 9, 2017
LICENSE Create LICENSE Jun 22, 2017
README.md Update README.md Oct 27, 2019

README.md

GonnaCry Rasomware

Original Repository of the GonnaCry Ransomware.

This project is OpenSource, feel free to use, study and/or send pull request.

GonnaCry is a linux ransomware that encrypt all user files with strong encryption scheme.

Travis branch Travis branch Travis branch Travis branch


Ransomware Impact on industry

https://medium.com/@tarcisioma/how-can-a-malware-encrypt-a-company-existence-c7ed584f66b3

How this ransomware encryption scheme works:

https://medium.com/@tarcisioma/ransomware-encryption-techniques-696531d07bb9

How this ransomware works:

https://0x00sec.org/t/how-ransomware-works-and-gonnacry-linux-ransomware/4594

https://medium.com/@tarcisioma/how-ransomware-works-and-gonnacry-linux-ransomware-17f77a549114

Mentions:

https://www.sentinelone.com/blog/sentinelone-detects-prevents-wsl-abuse/

https://hackingvision.com/2017/07/18/gonnacry-linux-ransomware/

https://www.youtube.com/watch?v=gSfa2L158Uw


Disclaimer

This Ransomware musn't be used to harm/threat/hurt other person's computer.

It's purpose is only to share knowledge and awareness about Malware/Cryptography/Operating Systems/Programming.

GonnaCry is a academic ransomware made for learning and awareness about security/cryptography.

Be aware running C/bin/GonnaCry or Python/GonnaCry/main.py Python/GonnaCry/bin/gonnacry in your computer, it may harm.


What's a Ransomware?

A ransomware is a form of malware that prevent legitimate users from accessing their device or data and asks for a payment in exchange for the stolen functionality. They have been used for mass extortion in various forms, but the most successful seem to be encrypting ransomware: most of the user data are encrypted and the key can be retrieved with a payment to the attacker. To be widely successful a ransomware must fulfill three properties:

Property 1: The hostile binary code must not contain any secret (e.g. deciphering keys). At least not in an easily retrievable form, indeed white box cryptography can be applied to ransomware.

Property 2: Only the author of the attack should be able to decrypt the infected device.

Property 3: Decrypting one device can not provide any useful information for other infected devices, in particular the key must not be shared among them.


Objectives:

  • encrypt all user files with AES-256-CBC.
  • Random AES key and IV for each file.
  • Works even without internet connection.
  • Communication with the server to decrypt Client-private-key.
  • encrypt AES key with client-public-key RSA-2048.
  • encrypt client-private-key with RSA-2048 server-public-key.
  • Change computer wallpaper -> Gnome, LXDE, KDE, XFCE.
  • Decryptor that communicate to server to send keys.
  • python webserver
  • Daemon
  • Dropper
  • Kill databases
You can’t perform that action at this time.