Skip to content
/ gocry Public

a simple academic ransomware implementation in pure go

License

GPL-3.0 license
6 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

nireo/gocry

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

69 Commits
config
config
 
 
crypt
crypt
 
 
ransomware
ransomware
 
 
server
server
 
 
tc
tc
 
 
utils
utils
 
 
victim
victim
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 

Repository files navigation

gocry

gocry is a simple ransomware implementation using golang. It hasn't been tested on Windows, but it does work on Linux.

Disclamer

This project is purely academic, use at your own risk. I do not encourage in any way the use of this software illegally or to attack targets without their permission

gocry is an academic ransomware made for learning about cryptography and security.

Running with server

Firstly you need to create an environment variable file .env in the server folder. The file should contain:

# .env
db_name=name of the database
db_port=port of the database
db_user=user that owns the postgres database
db_host=host where the user is in.

Then you can run the server by running:

go run server.go

Then running the actual ransomware that encrypts everything is ran by:

go run main.go

The values of the ransomware can be configured in the main.go file. The ransom message, root directory to encrypt and the address of the server.

Running without server

NOTE This is still feature is still work in progress. In the server folder there are some simple programs to make the ransomware manageable. Currently though the client will not work if a server connection cannot be established.

How it works.

  1. The program checks if any files are already encrypted, by checking for the .gocry extension. If files are already encrypted, check the <root_dir>/key.txt file for a valid decryption key. If not, continue the encryption process.
  2. The program creates a random 32-bit array using the crypto package's rand.Reader. Then the key from that is placed into a memguard key enclave.
  3. The key is passed into the crypt.EncryptRoot function which finds all the files in a given root directory, and encrypts them, using AES-GCM 256-bit encryption.
  4. Once encryption is done, the victim information is sent to the server, and establishing a unique id, with which the server can identify the client.

Todo:

These are issues or ideas I think should be added.

  • Fix filepaths such that they work for both windows and linux.
  • Make it fully optional to use a server.

Dependencies

  • memguard We want to use memguard as it tries to protect the key in memory, such that person cannot just find the key too easily.
  • gorm

Contributing

The development has been seized and any contributions will be accepted.

About

a simple academic ransomware implementation in pure go

Resources

Readme

License

GPL-3.0 license
Activity

Stars

6 stars

Watchers

2 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages