6.13 PLAYING THE VILLAIN

EXERCISE 6.13: PLAYING THE VILLAIN

Help Alice and Bob create some ransomware to infect WA servers. Start by creating a function that will encrypt a file on disk using an algorithm of your choice (e.g., AES-CTR or AES-CBC). The encrypted data should be saved to a new file with some kind of random name. Before moving on, test encrypting and decrypting the file.

Next, create the fake malware. This malware should be configured with a target directory and the permanent public key. The public key can be hard-coded directly into the code if you wish. Once up and running, it needs to generate a new RSA key pair, encrypt the local private key with the permanent public key, and delete any unencrypted copies of the local private key. If the private key is too big (e.g., more than 190), encrypt it in chunks.

Once the local key pair is generated, begin encrypting the files in the target directory. As an extra precaution, you can ask for manual approval before encrypting each file to make sure you don’t accidentally encrypt the whole thing. For each file, encrypt it under a new random name and store a plaintext metadata file with the original name of the file, the encrypted key, and the IV. Delete the original file only if you feel that you can do so safely (we will NOT be held responsible for any mistakes on your part! Use a VM, only operate in a target directory on copies of unimportant files, and manually confirm each deletion!)

The rest should be straightforward. Your “malware” utility needs to save the encrypted private key to disk. This should be decrypted by a separate command and control utility that has access to the permanent private key. Once decrypted, it should be loaded by the malware and used to decrypt/release the files.

You are not getting any ransomware code from me!!

Even if you have the knowledge to create ransomware, don’t be stupid, don’t be evil!!!