Creation of a ransomware for educational purposes.
This ransomware is designed for Windows systems. Here's how it works:
- It makes itself persistent by adding a key to the Windows registry.
- It scans for and encrypts all files from a specified starting directory.
- Upon completing the encryption process, it downloads a custom wallpaper and sets it as the computer's wallpaper to display a ransom message.
- Finally, it sends a DNS request to notify the attacker that a new victim has been found.
Note: This software is for educational purposes only and is not intended for malicious use.
The main.go file in the root of the project manages the execution of the ransomware.
Here's a brief overview of what each function does in main.go:
- main(): Entry point for the program. Handles program flow depending on whether there are command-line arguments and whether the process has admin privileges.
- CheckElevate(): Checks if the current process has admin privileges.
- Escalate(): If the current process lacks admin privileges, this function attempts to obtain them.
- DiscoverDisk(): Walks the file system from a specified starting path and collects the files whose extensions appear in the bad_extensions list.
- MakePersistent(): Makes the malware persistent on the system.
- Encrypt(): Encrypts the discovered files.
- Decrypt(): Decrypts the files if the --decrypt flag is used when running the program.
- DownloadFile(): Downloads a custom wallpaper to display the ransom message.
- SystemParametersInfoW(): Win32 API (user32.dll) called to set the downloaded image as the desktop wallpaper.
- LookupHost(): Performs a hostname lookup (a DNS query) to inform the attacker about a new victim.
This software is built in Go, so make sure you have Go installed and set up correctly on your system. Then, install the dependencies and compile the ransomware with the following commands:
cd src
go get
go build -ldflags "-s -w" .
You can run the ransomware by double-clicking on it or simply by running the following command:
.\ase.exe
The code includes a killswitch: to decrypt the files, run the program with the --decrypt flag:
.\ase.exe --decrypt