
Topic: PyCrypto/ezPyCrypto modules suitable for application in ransomware PoC?

Offline Vector

Since the PyCrypto and ezPyCrypto modules are the only decent crypto modules for Python that I know of, I was thinking I might be able to employ them for the creation of a Python-based ransomware.

I'm assuming most of you guys know this, but just in case I'll mention the following. The concept of ransomware is rather simple: 1. Deliver payload. 2. Encrypt user data with a public key. 3. Drop a notice of extortion with instructions on how the victim may acquire the private key for decryption, usually by paying a set amount in bitcoin, hence the term ransomware.

Don't assume this is a get-rich-quick scheme though. It takes a lot of effort and planning to create highly successful malware, and the risk involved is something to take into consideration. My interest in the subject is entirely to satisfy my own curiosity.


Anyhow, the way I understand it, in ransomware the crypto part is the only highly complex thing going on. Besides, if you're just encrypting personal data such as family pictures, videos, Word and/or PDF documents, I don't think you have to worry about finding a privilege escalation exploit particular to the type of system you're targeting, which makes cross-platform compatibility much more feasible, unless we're aiming to encrypt backup files and intend to employ persistence mechanisms.

In that regard it's somewhat of a trade-off. In the case of Windows, if I were aiming to bypass UAC, I'd probably employ reflective DLL injection to run my malicious code within the context of an elevated process.

Furthermore, you can choose to sacrifice the ability to dynamically update public keys and such, to effectively eliminate the need for C&C infrastructure, which is arguably better practice, at least from an operational security standpoint.

With the PyCrypto/ezPyCrypto module(s) taking care of the cryptographic aspect, the rest of the program should be reasonably straightforward. The only problem I foresee is the speed at which the files will be encrypted.

If you happen to have any experience with this or the PyCrypto module in general, I'd be interested to hear how you have implemented its functionality or any issues you encountered when working with it.

Any other comments/suggestions/ideas are appreciated as well.


Thanks in advance!

For research purposes only of course!
« Last Edit: March 26, 2016, 01:53:23 PM by Gingerbread Man »

Offline RedCor

I don't have the skill, but I found this software is cool :)

https://github.com/MarcAngio/Hidden-tear-2.0

Is it the source code of ransomware?