Decrypt Encrypted ZIPs
-
Unfortunately, an attacker was able to exploit the vulnerability on the affected server and began installing a ransomware virus. Luckily, the Incident Detection & Response team was able to prevent the ransomware virus from completely installing, so it only managed to encrypt one zip file.
-
Internally, the Chief Information Security Officer does not want to pay the ransom, because there isn’t any guarantee that the decryption key will be provided or that the attackers won’t strike again in the future.
-
Instead, we would like you to bruteforce the decryption key. Based on the attacker’s sloppiness, we don’t expect this to be a complicated encryption key, because they used copy-pasted payloads and immediately tried to use ransomware instead of moving around laterally on the network.
-
A Python script to bruteforce the decryption key of the encrypted file.
-
Bruteforcing is the act of repeatedly trying different combinations to break the password encryption (based on either randomly generated passwords, or from a list of passwords to try). In the resource folder, we've provided a small subset of passwords from Rockyou - a widely know password wordlist that contains thousands of common passwords in one wordlist.
-
Ransomware will often encrypt all files on a device, and sometimes give the decryption key after the ransom has been paid (but this is not always the case!). So, we would like to break the encryption without paying the ransom.
-
A foundational Python 3+ template has also been provided for you in the resource. One potential implementation is described in the code comments.
-
Encrypted File & Bruteforce.py (Python 3+) Template has also been provided for you in the resource.
-
After, open the decrypted word doc and paste your Python code at the bottom of the doc. Upload this with Pull Request.
Python is an easy-to-learn scripting language that is often used in security research. If you want to learn more about Python to help you with this task, visit this Python resource.
NOTE: This script need python installed in Windows.
