Creating Ransomware
In this assignment, your task is to write a simple ransomware program as a Python script using the pycryptodome package.
The assumptions about the ransomware are as follows: 1) an attacker has already broken into a victim’s Linux/Unix machine on which Python 3.5 or above and the pycryptodome package are installed; 2) the attacker has put the ransomware program, which need not be a single file, on the victim’s machine; 3) the victim has three to four text files and a Python file in the directory where the ransomware is located. Note that the text files have the extension “.txt” and the Python file has the extension “.py”.
The ransomware should perform the following:
1) It generates a random alphabet table for symmetric encryption using substitution cipher.
2) It encrypts all .txt files to .enc files in the current directory using the key that the attacker generated in step 1). The files in the other folders or the files in the same folder but having different file extensions must not be impacted by the ransomware.
3) It comments out all the content of the existing .py files in the target folder (do not delete the content) and replicates itself into the .py files for further propagation.
4) The key in step 1) is encrypted to key.bin using public key encryption. (RSA 2048 from Lab2)
5) Finally, it displays a ransom message: “Your text files are encrypted. To decrypt them, you need to pay me $10,000 and send key.bin in your folder to [me].” “[me]” should be your student email address.
Other requirements:
- In step 1), the key used to encrypt files must not appear in the source code of the ransomware program and must not be stored in the plaintext format in the victim’s system.
- Ignore numbers, special characters and spaces in the encryption process of substitution cipher.
- All .txt files located in the folder where the ransomware program is located must be deleted after they are encrypted to .enc files.
- You must implement substitution encryption by yourself and use pycryptodome for public key encryption.
- The infected .py file in step 3) shares the public key of your original ransomware.
CSCI301 Contemporary Topics in Security
This material is copyrighted. It must not be distributed without permission from Jongkil Kim
Your next task is to write key-recovery and file-recovery programs that recover (decrypt) all the encrypted files if the victim pays the ransom.
6) The key-recovery program decrypts the encrypted key (key.bin) and stores the decrypted key in key.txt.
7) The file-recovery program must allow a user to decrypt the encrypted files created in step 2) using the key file created in 6). You do not need to recover the infected .py file in step 3).
Submission
Write programs that satisfy the above requirements. Make a folder named Assignment1 and include
• a ransomware program [50 marks]
• recovery programs [30 marks]
• a file containing the private key that is associated with the public key used in the ransomware program (named ransomprvkey.pem) [10 marks]
• a report that explains 1) all necessary information to run your programs (e.g., the Python packages for your code) and 2) expected outcomes (with screenshots) for each program. [10 marks]
Compress the Assignment1 folder using a zip program to create yourStudentID_Assignment1.zip.
Use the subject Moodle site to upload your zip file.