SPLOIT: Cryptography Is a Bitch (Ransomware Development): Part 1: Introduction to the Ransomware World

Apr 23, 2016 07:20 PM
Apr 23, 2016 10:43 PM
635970086845978441.jpg

Greetings my fellow aspiring hackers,

Its been a long time and I have to confess I would not be around for long as I am not free yet. I just have some few hours to spare and decided to help out. I learnt OccupyTheWeb won't be around to help out anymore which is like a slap in the face although I still cannot believe that he has left us but hey, it's not the end of the world. Like the quote Don't watch the clock; do what it does. Keep going - Sam Levenson, we must keep moving on. He has contributed alot and the best we can do is to keep his legacy and spirit up in the community.

Ok so I found a project and embarked on it and had success. I basically would love to share it with the community. So interested participants can continue reading.

Disclaimer

I am by no means responsible for the use of the explanation or codes implemented or discussed here. This is for educational purposes and is by no means meant to help bad actors wreck havoc in systems they do not own. This project or series is meant to enlighten the minds of many who are amazed and at the same time scared at the beauty of ransomwares but do not have any idea of how they work. The project is however open sourced and thereby is subject to modification and changes. I am hereby once again not responsible for any use of the code by the user

Cryptography Is A Bitch ? Why do I say that

Cryptography or cryptology is the practice and study of techniques for secure communication in the presence of third parties called adversaries. Cryptography deals with communicating with the desired destination without the fear of leakage of information to an undesired destination.

It is the issue of encryption that is trending this days with law enforcement battling tech giants for data and issuing warrants like pay rolls. As I am not here to talk about any law enforcement. What all law enforcement agencies are battling around the world is encryption. The issue of data being encrypted or stealth and passing right under their nose is what gets them angry and they in turn start hacking billions of computers just to decrypt a message or follow up a clue. What is actually causing the problem is Cryptography. Mathematicians have spent hours of work to create complex equations of maths that today have benefited the world in so many ways. Encryption methods have been developed from these equations and have lead to where we are now. Modern technological equipments have also adopted such encryption methods and have implemented them to provide some sort of authentication. The issue here is most cryptographic methods of encryption for making it difficult to decrypt messages not intended to be seen by an undesired party is becoming the thing of the past.

Interesting that was a piece of my mind up there. What I want to discuss really here is this article is the abuse of cryptography or encryption by bad actors for personal profit. That gets us to today's topic: Ransomwares

Ransomwares

I believe every here has heard or read a tin or two about ransomwares. Ransomware is a type of malware that restricts access to the infected computer system in some way, and demands that the user pay a ransom to the malware operators to remove the restriction. Some forms of ransomware systematically encrypt files on the system's hard drive, which become difficult or impossible to decrypt without paying the ransom for the encryption key, while some may simply lock the system and display messages intended to coax the user into paying. Ransomware typically propagates as a trojan, whose payload is disguised as a seemingly legitimate file; thus, ransomware is an access-denial type of attack that prevents legitimate users from accessing files.

While initially popular in Russia, the use of ransomware scams has grown internationally, in June 2013, security software vendor McAfee released data showing that it had collected over 250,000 unique samples of ransomware in the first quarter of 2013, more than double the number it had obtained in the first quarter of 2012. Wide-ranging attacks involving encryption-based ransomware began to increase through trojans such as CryptoLocker, which had procured an estimated US$3 million before it was taken down by authorities,6 and Cryptowall, which was estimated by the US Federal Bureau of Investigation (FBI) to have accrued over $18m by June 2015.

Ransomware are just pieces of codes that once executed abuse encryption and holds the personal digital belongings of the victims hostage and demand they pay a price.

Popular Ransomware Variants ( Infection Methods )

As mentioned, there are many variants of ransomware out there, but it can be loosely classified into four categories:

  • SMS Ransomware: This type of ransomware locks your computer and displays a ransom message with a code. To unlock your computer, you are instructed to send the code via text message to a premium-rate SMS number to receive the corresponding code to unlock it.
  • Winlocker: This variant of ransomware also locks your computer, but it displays a more intimidating ransom message which appears to be from your local law enforcement agency. Unlike SMS ransomware, this particular kind instructs you to pay through an online payment system such as Ukash, Paysafecard, or Moneypak.
  • File Encryptors: This kind of ransomware can encrypt your personal files and folders using complex encryption algorithms to make your computer's data unusable. The malware author then demands that you pay for the decryption key using one of the online payment systems mentioned above. The ransomware often leaves a file (or a "ransom note") on the victim's machine with payment instructions. This type of ransomware may or may not lock your screen.
  • MBR Ransomware: This is another popular variant of ransomware, but it goes one step farther than the other three types mentioned above in terms of how the computer is locked. MBR Ransomware can change your computer's Master Boot Record (MBR) and interrupts the normal boot process. The MBR is a partition on your computer's hard drive that allows the operating system to load and boot. When this ransomware strikes, the ransom message is displayed as soon as the computer is turned on, meaning that you do not get the chance to load the operating system to remove the infection and repair your system.

MBR Ransomware may look scary, but this type of infection can easily be removed. The ransom message often says that the files have been encrypted, but in reality, they are not.

Conclusion

We know what are ransomwares but don't you think we can develop one ourselves using the little knowledge we have developed here. Wait until you meet my ransomware leprosy ( I don't know why I gave it that name anyway but I named it because I made it ). Leprosy will be on github but its source code will not be discussed as we are going to develop one ourselves with a little python and knowledge from above.

So until we meet again.

635970104560709130.jpg

# Sergeant

Comments

No Comments Exist

Be the first, drop a comment!