An Educational Ransomware Written in Rust.

Overview

Rust-based Ransomware

This Windows ransomware example is written in 100% Rust. It encrypts every file under the User directory that the running process can both read and write.

How to Use

To use the ransomware, you will need to compile it from source. Here are the steps to do so:

  1. Clone the repository to your local machine: git clone https://github.com/kuzeyardabulut/RustyLock.git

  2. Install Rust on your machine if you haven't already. You can download Rust from the official website: https://www.rust-lang.org/tools/install

  3. Navigate to the project directory and compile the code:

     cd RustyLock
     cargo build --release

  4. Once the code is compiled, you can run the ransomware: ./target/release/inject.exe

  5. The ransomware will encrypt all files in the User directory and its subdirectories with the AES algorithm.

Workflow

This ransomware has been designed to encrypt files on a user's system and demand a ransom for their release. Here's how it works:

  1. Upon execution, the ransomware copies itself to the startup folder to ensure persistence across reboots.
  2. It then scans the user's directory and its subdirectories for files that have read-write permissions and creates a list of these files, which it saves in the /tmp/ directory. The ransomware then waits for the next startup.
  3. During the next startup, the ransomware reads the list of files saved in the /tmp/ folder and begins encrypting them. Even if the system is turned off during this process, no data loss will occur. When the system is turned back on, the ransomware will resume the encryption process from where it left off.
  4. Once the encryption process is complete, the ransomware creates a file named encoded.txt and awaits the next startup.
  5. During the next startup, the ransomware detects the encoded.txt file and begins to decrypt the system. Again, even if the system is turned off during this process, no data loss will occur.
  6. Once all decryption processes are complete, the ransomware and its traces are deleted to avoid detection.

How It Works

Upon opening the .exe file, the program first runs the anti-debugger and check_process functions. If these anti-reversing checks pass without error, an incognito window is created. In this window, the path of the .exe file's current location is retrieved, and the file is copied to \AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup. The .dll file in the same directory is also copied to the \AppData\Local\Programs\Microsoft Store folder. In effect, this places the .exe among Windows' startup items, so the file runs each time the computer is turned on.

In real ransomware, placing an .exe in the Startup folder is not always advisable. Instead, a registry (regedit) configuration can make the .exe run in the same way as a startup item. Adding that registry configuration, however, requires the user to run the .exe as an administrator.

Following these steps, the ransomware's .dll file is injected into SecurityHealthSystray using the dll_syringe library. The .dll file activates many security functions, most of which are sourced from here. These anti-reversing functions run for a while, and the program waits for their completion. If no issues are found during the check, the ransomware is launched.

Initially, AES keys are defined. In real examples, keys are randomly generated and transmitted to the server side over the internet. Every time the program is opened and closed, the program communicates with the server side with certain security measures until the encryption is complete. All key exchanges on the server side and client side are conducted in an asymmetric encrypted manner, making it impossible to reverse engineer and find the key.

Once the keys are created, directories are defined and the program starts. It first checks whether the system has been encrypted before by examining the \AppData\Local\Temp\encoded.txt file (in real examples, this is usually done by querying a server-side API). If the system has been encrypted before, the program decrypts it using the decrypt_large_file function. Otherwise, the encrypt_file function is called to initiate the encryption.

When these functions are called, the program checks whether the target function has previously been executed. If so, it resumes from where it left off; otherwise, it starts the target function from the beginning.
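The Startup-folder copy, the dropped .dll under Microsoft Store, and the encoded.txt marker described above are the on-disk artifacts a defender would look for. The following is an added detection example, not code from RustyLock: it classifies file paths against those locations. The sample snapshot is constructed (inject.exe is the README's binary name; the user name and payload.dll are assumptions).

```rust
/// Artifact classes taken from the README's description of where the
/// ransomware copies itself, drops its DLL and writes its marker file.
#[derive(Debug, PartialEq, Eq)]
pub enum Finding {
    StartupExecutable(String),
    DroppedDll(String),
    EncryptionMarker(String),
}

/// Normalise a Windows or POSIX path for matching: forward slashes, lowercase.
fn normalise(p: &str) -> String {
    p.replace('\\', "/").to_ascii_lowercase()
}

/// Classify one path; None means it matches none of the README's artifact locations.
pub fn classify(path: &str) -> Option<Finding> {
    let s = normalise(path);
    let file = s.rsplit('/').next().unwrap_or("");
    let ext = file.rsplit_once('.').map(|(_, e)| e).unwrap_or("");
    let hit = path.to_string();
    if s.contains("/appdata/roaming/microsoft/windows/start menu/programs/startup/") && ext == "exe" {
        Some(Finding::StartupExecutable(hit))
    } else if s.contains("/appdata/local/programs/microsoft store/") && ext == "dll" {
        Some(Finding::DroppedDll(hit))
    } else if s.ends_with("/appdata/local/temp/encoded.txt") {
        Some(Finding::EncryptionMarker(hit))
    } else {
        None
    }
}

/// Run the classifier over a snapshot of file paths and return every hit, in order.
pub fn scan(paths: &[&str]) -> Vec<Finding> {
    paths.iter().filter_map(|p| classify(p)).collect()
}

fn main() {
    // Constructed sample snapshot of a user profile (not real data).
    let snapshot = [
        r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\inject.exe",
        r"C:\Users\alice\AppData\Local\Programs\Microsoft Store\payload.dll",
        r"C:\Users\alice\AppData\Local\Temp\encoded.txt",
        r"C:\Users\alice\Documents\report.docx",
    ];
    for f in scan(&snapshot) {
        println!("suspicious: {:?}", f);
    }
}
```

On a live machine, feed `scan` the paths collected by walking the user profile; any hit is worth triaging since the README states all of these files are removed again once decryption finishes.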

Disclaimer

This ransomware is for educational purposes only. Please do not use it for any malicious activities. The author is not responsible for any damages or legal issues caused by the misuse of this code.

License

This code is licensed under the MIT License. Please see the LICENSE file for more details.

Contributions

Contributions are welcome! If you find any bugs or have any suggestions for improvement, please create a pull request.
