Ransomware is a type of virus that, when it infects a computer, encrypts all of the victim’s data and then displays a ransom note. AnonyViet found a tool called RAASNet, which helps create ransomware in Python and has an interface for setup and management. In this article we will learn how to create ransomware, as well as how to decrypt the encrypted files.
RAASNet and this article are for research purposes only and are not to be used in the real world. I am not responsible for any damage you may cause with the knowledge in this article.
For data safety, you should test this article in VMware virtual machines (Kali Linux, Windows).
What does RAASNet do?
RAASNet is a Python tool that helps you create ransomware at will. You can choose the file encryption, the content of the message to the victim and the decryption key. Characteristics:
- Create ransomware
- Customize the appearance of the ransomware
- FUD (bypass antivirus)
- Works on Windows, MacOS and Linux
- Super Fast Encryption with PyCrypto
- Can compile to EXE, APP or Unix/Linux
- Customize icon for exe
- Generate encryption/decryption key
- Demo mode (ransomware won’t encrypt anything)
- Full screen mode (Warning takes up full screen)
- Custom alert messages for your victims
- Ghost Mode (Ghostmod): renames files by adding the .DEMON extension instead of encrypting them
- Multiple encryption methods
- Multiple file types options for encryption
- Decide if the ransomware should self-destruct (Control Panel mode only)
- Decide which drive to target for encryption (working directory)
- Verified server access via port forwarding VPN
How to use RAASNet to create Ransomware
Create a Linux Server
On Kali Linux, download the RAASNet source by executing the commands below:
git clone https://github.com/leonv024/RAASNet.git
cd RAASNet
pip3 install -r requirements.txt
python3 RAASNet.py
Or download it from the backup link: Download RAASNET (Password: anonyviet.com)
After completing these steps, you will see the RAASNet login interface. Click Register to create a management account, then log in.
Now you will see the RAASNET Generator interface with 4 functions including:
- START SERVER:
- DECRYPT FILES: create a decryption file for the victim
- GENERATE PAYLOADS: Create Ransomware
- COMPILE PAYLOAD: compile Ransomware to exe.
- PROFILE: account information
- EXIT: quit
Now let’s go into START SERVER: enter the IP of the management server, in this case my Kali Linux machine (open a terminal and type the command ifconfig to see the IP).
Next, choose GENERATE PAYLOADS to set the options for your ransomware.
- Mode: virus display mode
- Remote Server: IP of Server (in this post is IP of Kali linux)
- Encryption Type: file encryption mode. Ghost mode is the safest, since it only changes the file extension and does not encrypt the data. This mode is recommended for testing.
- Content: edit the notification text and images displayed when the victim activates the virus.
After the setup is complete, press Generate to start creating your own Ransomware.
Now in the RAASNet folder there will be 2 files:
- payload.py: this is the ransomware you just created
- decryptor.py: this is a tool to decrypt the data the virus has encrypted
If you want to convert the .py files to .exe (you must run RAASNet on Windows), go to the COMPILE PAYLOAD menu. After compiling, the file will be in the directory RAASNet/dish
Experiment on Windows
This article is only experimental, so I don’t compile the payload.py file to exe but run it in Python to save time.
On Windows, install Python 3.x.
Open Notepad and create the file requirements.txt with the content:
numpy==1.19.3
pymsgbox
pyaes
pycryptodome
pyinstaller
requests
python-geoip-python3
python-geoip-geolite2
pillow
Open CMD and type command
pip install -r requirements.txt
When the payload is compiled from .py to .exe, these libraries are already included, so the steps above are not needed.
Now copy the newly created ransomware to the Windows virtual machine and run the command: python payload.py
to activate it. Boom, your data will be encrypted to .DEMON.
If you want to decrypt, copy the decryptor.py file to the Windows virtual machine and run the command: python decryptor.py
and the data will be restored.
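A triage check for the test VM after the experiment above, added here as an example and not part of RAASNet or the original article: it finds files carrying the .DEMON extension and compares each file's leading bytes with the signature of its original type, separating Ghost-mode renames from files whose content changed. The function names, the signature table and the sample files are assumptions constructed for this example.

```python
import os
import tempfile

MARKER = ".DEMON"  # extension named on this page
# Leading "magic" bytes of a few common formats, keyed by the original extension.
MAGIC = {".pdf": b"%PDF-", ".png": b"\x89PNG\r\n\x1a\n",
         ".jpg": b"\xff\xd8\xff", ".zip": b"PK\x03\x04", ".docx": b"PK\x03\x04"}

def classify(path):
    """Classify one *.DEMON file by comparing its header with the original type."""
    ext = os.path.splitext(path[:-len(MARKER)])[1].lower()
    magic = MAGIC.get(ext)
    if magic is None:
        return "unknown-type"  # no signature to compare, needs manual review
    with open(path, "rb") as fh:
        head = fh.read(len(magic))
    return "renamed-only" if head == magic else "content-changed"

def triage(root):
    """Walk root and return {relative path: verdict} for every *.DEMON file."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.upper().endswith(MARKER):
                full = os.path.join(dirpath, name)
                report[os.path.relpath(full, root)] = classify(full)
    return report

def build_sample(root):
    """Write constructed sample files (not real victim data) under root."""
    os.makedirs(os.path.join(root, "docs"))
    samples = {
        os.path.join("docs", "report.pdf.DEMON"): b"%PDF-1.7\n% constructed",
        "photo.png.DEMON": bytes(range(200, 232)),  # header is no longer PNG
        "notes.txt.DEMON": b"plain text has no signature",
        "untouched.pdf": b"%PDF-1.4\n% constructed",
    }
    for rel, data in samples.items():
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for rel, verdict in sorted(triage(tmp).items()):
            print(f"{verdict:16} {rel}")
```

A "renamed-only" verdict is a header heuristic consistent with Ghost mode, not proof that the whole file is intact; "content-changed" files need decryptor.py or a backup.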
Note
This article proves that current ransomware is quite dangerous and not detected by antivirus. The ransomware is built to work on Windows, Linux and macOS. You should compile payload.py to EXE for an easy demo on Windows.
If you want to test the server over the Internet, you should use a VPN or NAT port. Or better yet, rent a VPS on Azure or AWS for testing.
Finally, once again, this article is for study and research, not for use in real environments or against other people. Otherwise, you will be held responsible before the law.