What about propagation vector ? #1
Comments
What's the science of propagation? The point is that ransomware is as easy to build and spread in OS X as in any other platform. That's the point here. There's no need for v00d00 magic zero days. The important files for a user have the same permissions as the current user, so it's game over the moment someone executes the ransomware. And that is the easiest thing in the world to do, as the rise of ransomware has shown. It's so easy that in fact there's already an OS X ransomware infrastructure being sold in the underground.
"The point is that ransomware is as easy to build and spread in OS X as in any other platform." Easy to build, you're right. But I hope everyone already knew it (I can't think of any reason why it would not be). Easy to spread, that's another story. And as I stated before, your code does not show it. Nevertheless, thanks for your answer. Best regards, Gauthier
Can't understand what your point is. There was nothing written for OS X before. I just wrote it in 15 mins to show how easy it is to make something that works and is pretty hard to impossible to break. In particular because I can't understand all the home crypto many Windows ransomwares use. My code doesn't need to show how to spread. There's no science at all on that. Just buy those services in the underground and that's it. Infecting a website and making infected downloads available costs like a few bitcoins. Ransomware doesn't need to spread like a worm or virus. It just needs a single execution and enough time to execute and it's game over.
This is in fact not an issue but a comment / question / remark, and I don't really see another way to ask it on GitHub.
In fact writing such code that encrypts / decrypts some file is trivial to write on any platform. The tricky part of a ransomware, as for any malware, is the propagation vector, and, as far as I understand your code, there is no propagation vector.
So the only thing your code proves is that it is possible to search files, encrypt files and decrypt files on OS X... I know some people believe OS X is a closed system with a lot of things restricted, but believing those basic operations can't be performed is a little bit exaggerated.