GonnaCry Ransomware
Original Repository of the GonnaCry Ransomware.
GonnaCry is a Linux ransomware that encrypts all the user's files with a strong encryption scheme.
This project is open source; feel free to use it, study it, and/or send pull requests.
Ransomware Impact on industry
https://medium.com/@tarcisioma/how-can-a-malware-encrypt-a-company-existence-c7ed584f66b3
How this ransomware's encryption scheme works:
https://medium.com/@tarcisioma/ransomware-encryption-techniques-696531d07bb9
How this ransomware works:
https://0x00sec.org/t/how-ransomware-works-and-gonnacry-linux-ransomware/4594
https://medium.com/@tarcisioma/how-ransomware-works-and-gonnacry-linux-ransomware-17f77a549114
Mentions:
https://www.sentinelone.com/blog/sentinelone-detects-prevents-wsl-abuse/
https://hackingvision.com/2017/07/18/gonnacry-linux-ransomware/
https://www.youtube.com/watch?v=gSfa2L158Uw
Disclaimer
This ransomware must not be used to harm, threaten or hurt another person's computer.
Its purpose is only to share knowledge and awareness about malware, cryptography, operating systems and programming.
GonnaCry is an academic ransomware made for learning and awareness about security and cryptography.
Be aware that running C/bin/GonnaCry, Python/GonnaCry/main.py or Python/GonnaCry/bin/gonnacry on your computer may cause harm.
What's a Ransomware?
A ransomware is a type of malware that prevents legitimate users from accessing their device or data and asks for a payment in exchange for the stolen functionality. Ransomware has been used for mass extortion in various forms, but the most successful one seems to be encrypting ransomware: most of the user's data is encrypted and the key can be obtained by paying the attacker. To be widely successful, a ransomware must fulfill three properties:
Property 1: The hostile binary code must not contain any secret (e.g. deciphering keys), at least not in an easily retrievable form; indeed, white-box cryptography can be applied to ransomware.
Property 2: Only the author of the attack should be able to decrypt the infected device.
Property 3: Decrypting one device cannot provide any useful information for other infected devices; in particular, the key must not be shared among them.
Objectives:
- Encrypts all user files with AES-256-CBC.
- Random AES key and IV for each file.
- Works even without an internet connection.
- Communicates with the server to decrypt the client private key.
- Encrypts the AES key with the RSA-2048 client public key.
- Encrypts the client private key with the RSA-2048 server public key.
- Changes the computer wallpaper -> GNOME, LXDE, KDE, XFCE.
- Decryptor that communicates with the server to send keys.
- Python web server
- Daemon
- Dropper
- Kills databases