Ransomeware Malware

-
What is ransomware?
  • Ransomware is a part of a Malware
  • It looks like a simple executable file, but whenever it executed on a machine . it will automatically encrypt all of your file with advanced encryption algorithm. 
  • Ransomware is on trending on cyber-war.

What is ransomware attack?
  • First of all an attacker try to infect your machine with ransomware.
  • Now the ransomware malware will encrypt your machine and you can not access your data,
  • For decryption you required a software called "Crypter" as well as a key for decryption, which can only be with attacker only. 
  • Now attacker ask for some money in form of Bit-coins to hide its identity, this money is called ransom.After you pay to attacker.he/she will give you software and a key..
  • This is called a ransomware attack.

Why it is difficult to decrypt the files without payment?
  • First of all we don't know from which encryption system did the attacker use it can be....
    • RSA
    • DSA
    • AES etc
  • Now if we get the idea regarding the encryption now we have to search for a key.
  • Attacker give the crypter after ransom payment only so we can not crack it or bypass the key without a software.
  • Now again if we somehow manage the crpyper , we have to look for a key, we can apply a brute force to find a key , but here the problem is that the combination of possible key in RSA-256  is 2^256 ,now if it is RSA-512 than the key possibility is 2^512. so it will take couples of year to decrypt it.

Example : RDX-ransomware
  • Here i have make a simple python program for files encryption
  • you can find the source code on my github too.:
  • NOTE: Try it at your own risk and this is for educational purpose only
BEFORE ATTACK
  • You can see the files available in a folder,which look normal before ransomware attack
    AFTER ATTACK
  • Now for encryption you have to just run a "rdx-ransomware.py" into your target folder,it will generate a decryption key into key.key folder and remove the program it self .
  • You can see that the all files are encrypted and renamed with ".RDX" as a file extension.

AFTER DECRYPTION
  • To decrypt your files you have to run "rdx-crypter.py" into attacked folder.
  • Now here you have to gave a key from "key.key" as an input to out crypter.
  • Now after the decryption all of your files are decrypted and you can easily access it.
     


Comments

  1. Mrugendrasinh RahevarJuly 8, 2020 at 6:48 AM

    Nice article for beginners to understand the basics of ransomewar and how to implement it.

    ReplyDelete

Post a Comment

Popular posts from this blog

"Coot" Ransomware

-
Image
What is Ransomware? Ransomware is a malicious program which will encrypt your data and make a barrier between you and your files After successful implementation of ransomware on your network or your machine it will stating encrypting the data with advance level of encryption which is really difficult to crack Now after encryption you have to purchase a tool called "Cypter" tool from attack and related decryption key too In some cases it is possible to retried the data without paying ransom to bad guy. What is Coot Ransomware attack? From ending of July 2020 the number of coot ransomware is increasing frequently. coot is from "DJVU" family of ransomware. In this type of attack the file will be encrypted with some high level encryption techniques and the file extension will be ".coot" at the end of the file. Suppose there is a file on your machine called "a.txt" than the encrypted file will be "a.txt.coot" Also you can see the other
Read more

Data Recovery Tools (Disk Drill)

-
Image
There are many tools available for data recovery in the market . Some of the tools are as follow Encase FTK manager Manager RAM capture  X-ways forensic Sleuth kit (+autopsy) Paladin Disk Drill Restoration (Window) Disk Drill . Disk Drill is an undeniable leader among data recovery software, it can recover deleted files from your device even if it is failing, unreadable, or has lost a partition. Features : You can recover up to 500MB of data free with Disk Drill for Windows. Unlike any other, the app has two important additional data loss prevention functionalities. The first, Recovery Vault, adds a layer to the Recycle Bin and keeps a backup reference to all deleted files. The second, Guaranteed Recovery, keeps a copy of each file moved to a previously selected folder, as for example the Recycle Bin. In addition, Disk Drill allows users to create image files in the form of ISO, IMG or DMG files. Therefore in practice, enables the user to conduct the data search in a clone, without ta
Read more