Stockholm - 42Madrid

Ransomware.

Encrypt and decrypt multiple files and directories.

This is a project developed in the cybersecurity bootcamp of 42Madrid.

WARNING:

[Don't lose the totem.key]

Subject:

The goal of this project is to make a small program capable of causing big problems.

Although the greatest virtue of ransomware is its ability to spread across networks of hundreds of computers, in this case the program will affect only a ‘small’ part of your files.

The program must be developed for Linux or macOS systems, affecting all files located in the /home/$user/infection directory and all files with extensions that were affected by the WannaCry virus. A secure encryption algorithm must be used to encrypt the files, and they must be renamed with the extension ‘.ft’ once encrypted.

Project:

The program was developed in Python, and testing was performed in a Docker container to avoid risks.

To encrypt the files, the Python cryptography module was used. Its Fernet implementation encrypts with the AES algorithm.

The Advanced Encryption Standard, abbreviated to AES, is used to encrypt data and protect it against unauthorized access. The cryptographic method uses a key of varying length for this purpose and is called AES-128, AES-192 or AES-256, depending on the key length used.
It is one of the most secure encryption methods, used publicly and privately by companies, organizations and government agencies such as the NSA.

The software scans the /infection directory and all subdirectories within it for files matching the extensions to be encrypted. The search produces a list of target files, and the program then encrypts each of them.

When the decryption option is executed, the same path is scanned again, this time for files that were previously encrypted and have not been modified by the user. These files are then decrypted one by one.
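
From the defender's side, the same two markers described above (the ‘.ft’ extension and Fernet output) can be used to find affected files after an incident. The following is an added example, not part of the original project: it assumes each encrypted file holds the raw token returned by Fernet's encrypt(), checks the token's structure only (no key, no HMAC verification), and all function names and sample files are constructed for illustration.

```python
import base64
import os
import re
import tempfile

FT_SUFFIX = ".ft"           # extension the page says encrypted files receive
FERNET_VERSION = 0x80       # first byte of every Fernet token
OVERHEAD = 1 + 8 + 16 + 32  # version, timestamp, IV, HMAC-SHA256
B64URL = re.compile(rb"[A-Za-z0-9_-]+={0,2}")

def looks_like_fernet(data: bytes) -> bool:
    """Structural check only: no key is needed and the HMAC is not verified."""
    data = data.strip()
    try:
        raw = base64.urlsafe_b64decode(data) if B64URL.fullmatch(data) else b""
    except ValueError:
        return False
    body = len(raw) - OVERHEAD
    # Body is AES-CBC ciphertext: at least one block, whole 16-byte blocks only.
    return raw[:1] == bytes([FERNET_VERSION]) and body >= 16 and body % 16 == 0

def find_encrypted(root: str) -> list[str]:
    """Relative paths under root that end in .ft and hold a Fernet-shaped token."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in (f for f in files if f.endswith(FT_SUFFIX)):
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    if looks_like_fernet(fh.read()):
                        hits.append(os.path.relpath(path, root))
            except OSError:
                continue  # unreadable file: skip it, keep sweeping
    return sorted(hits)

def demo() -> list[str]:
    """Run the sweep over a constructed tree; every file below is sample data."""
    raw = bytes([FERNET_VERSION]) + (1700000000).to_bytes(8, "big") + bytes(64)
    token = base64.urlsafe_b64encode(raw)  # Fernet layout, filler IV/ciphertext/HMAC
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "docs"))
        samples = {"docs/report.docx.ft": token, "notes.txt.ft": b"plain text", "todo.txt": token}
        for rel, content in samples.items():
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(content)
        return find_encrypted(root)

if __name__ == "__main__":
    print(demo())
```

A file that was only renamed to ‘.ft’, or a token-shaped file without the extension, is not reported; both conditions must hold.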


To really see the speed and power of the tool, it is recommended to use the ‘--silent’ parameter, which does not generate any output.


Script Options

# Default mode - Encrypt files
- ./stockholm 
# Reverse mode - Decrypt files
- ./stockholm -r + 'pass_key'
# Silent mode
- ./stockholm -s | ./stockholm -r + 'pass_key' -s
# Print version
- ./stockholm -v
# Print help
- ./stockholm -h


Docker test

Enjoy it!

View the source code here


Project completed

Rating: lgomes-o's 42 stockholm Score
