
GonnaCry Ransomware

Original Repository of the GonnaCry Ransomware.

GonnaCry is a Linux ransomware that encrypts all of the user's files with a strong encryption scheme.

This project is open source; feel free to use it, study it, and/or send pull requests.



Ransomware Impact on industry

https://medium.com/@tarcisioma/how-can-a-malware-encrypt-a-company-existence-c7ed584f66b3

How this ransomware encryption scheme works:

https://medium.com/@tarcisioma/ransomware-encryption-techniques-696531d07bb9

How this ransomware works:

https://0x00sec.org/t/how-ransomware-works-and-gonnacry-linux-ransomware/4594

https://medium.com/@tarcisioma/how-ransomware-works-and-gonnacry-linux-ransomware-17f77a549114

Mentions:

https://www.sentinelone.com/blog/sentinelone-detects-prevents-wsl-abuse/

https://hackingvision.com/2017/07/18/gonnacry-linux-ransomware/

https://www.youtube.com/watch?v=gSfa2L158Uw


Disclaimer

This ransomware must not be used to harm, threaten or hurt other people's computers.

Its purpose is only to share knowledge and awareness about Malware/Cryptography/Operating Systems/Programming.

GonnaCry is an academic ransomware made for learning and awareness about security/cryptography.

Be aware that running C/bin/GonnaCry, Python/GonnaCry/main.py or Python/GonnaCry/bin/gonnacry on your computer may harm it.


What's a Ransomware?

Ransomware is a type of malware that prevents legitimate users from accessing their device or data and asks for a payment in exchange for the stolen functionality. It has been used for mass extortion in various forms, but the most successful one seems to be encrypting ransomware: most of the user's data is encrypted and the key can be obtained by paying the attacker. To be widely successful, ransomware must fulfill three properties:

Property 1: The hostile binary code must not contain any secret (e.g. deciphering keys), at least not in an easily retrievable form; indeed, white-box cryptography can be applied to ransomware.

Property 2: Only the author of the attack should be able to decrypt the infected device.

Property 3: Decrypting one device cannot provide any useful information for other infected devices; in particular, the key must not be shared among them.


Objectives:

  • [x] Encrypts all user files with AES-256-CBC.
  • [x] Random AES key and IV for each file.
  • [x] Works even without internet connection.
  • [x] Communication with the server to decrypt Client-private-key.
  • [x] Encrypts AES key with client-public-key RSA-2048.
  • [x] Encrypts client-private-key with RSA-2048 server-public-key.
  • [x] Changes computer wallpaper -> Gnome, LXDE, KDE, XFCE.
  • [x] Decryptor that communicates with the server to send keys.
  • [x] Python web server
  • [x] Daemon
  • [ ] Dropper
  • [x] Kills databases
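
From the defender's side, files encrypted with AES-256-CBC under a fresh key and IV per file look like uniformly random bytes, and that is something a triage script can test for. The sketch below is an added example, not code from the GonnaCry project; the threshold, the magic-byte list, the file names and the pseudorandom stand-in for ciphertext are all assumptions made for illustration.

```python
import gzip
import hashlib
import math
from collections import Counter

# Leading bytes of formats that are legitimately high-entropy (assumed short list).
KNOWN_MAGIC = (b"\x1f\x8b", b"PK\x03\x04", b"\x89PNG", b"\xff\xd8\xff", b"%PDF")
ENTROPY_THRESHOLD = 7.5  # bits per byte; assumed cut-off, tune on your own data
MIN_SAMPLE = 1024        # short buffers give unreliable entropy estimates

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of the byte distribution, in bits per byte (0..8)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def classify(data: bytes) -> dict:
    """Triage one file's content for signs of whole-file encryption."""
    entropy = shannon_entropy(data)
    if len(data) < MIN_SAMPLE:
        verdict = "too-small"
    elif entropy < ENTROPY_THRESHOLD:
        verdict = "low-entropy"
    elif data.startswith(KNOWN_MAGIC):
        verdict = "known-format"  # compressed or media file: high entropy is expected
    else:
        verdict = "suspect-encrypted"
    # CBC output is a whole number of 16-byte AES blocks. Supporting evidence only:
    # it assumes the file is raw ciphertext, which the page does not specify.
    return {"verdict": verdict, "entropy": round(entropy, 2),
            "block_aligned": len(data) % 16 == 0}

def fake_ciphertext(n_blocks: int) -> bytes:
    """Constructed stand-in for AES-CBC output: deterministic pseudorandom bytes."""
    out = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest()
                   for i in range(n_blocks // 2 + 1))
    return out[: n_blocks * 16]

# Constructed sample contents, keyed by hypothetical file names.
SAMPLES = {
    "report.txt": b"Quarterly report: revenue, costs and headcount by region.\n" * 100,
    "report.txt.gz": gzip.compress(fake_ciphertext(256), mtime=0),
    "report.locked": fake_ciphertext(256),
}

if __name__ == "__main__":
    for name, content in SAMPLES.items():
        print(name, classify(content))
```

A single high-entropy file proves little; the useful signal is many files under a user's home directory moving from "low-entropy" or "known-format" to "suspect-encrypted" within a short window.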