JMousqueton/Badware


Welcome to BADWARE 👋

License: Apache 2.0 | Twitter: JMousqueton

Ransomware Demonstration for Customer Experience Center

Description

Quick & dirty ransomware written in PowerShell for the purpose of demonstrations at the Customer Experience Center.

This PowerShell ransomware encrypts files using an X.509 public key certificate generated on the host :)

By default, the ransomware encrypts files in the C:\Data folder and saves the auto-generated X.509 public key certificate in a C:\YYYY-MM-DD-HHMM folder.

This "ransomware" was inspired by Phirautee.

__________    _____  ________     __      __  _____ _____________________
\______   \  /  _  \ \______ \   /  \    /  \/  _  \\______   \_   _____/
|    |  _/ /  /_\  \ |    |  \  \   \/\/   /  /_\  \|       _/|    __)_
|    |   \/    |    \|       \  \        /    |    \    |   \|        \
|______  /\____|__  /_______  /   \__/\  /\____|__  /____|_  /______JM /
       \/         \/        \/         \/         \/       \/        \/  2.3
[+] Let the carnage begin !!!
[+] Prepating Directory
[+] Init Certificate ...
[+] Init Encryption ...
[!] C:\Data\1.txt is now encrypted
[!] C:\Data\2.txt is now encrypted
[!] C:\Data\3.txt is now encrypted
[!] C:\Data\4.txt is now encrypted
[+] Badware Deployed Successfully...
[+] Cleaning Encryption key ...
[+] Intiating UI...
[+] Creating Badware.txt on Desktop ...
[+] Clean up the mess ...
[+] Exiting and waiting for the money

Usage

  • Simply modify the variables at the beginning of the script:
# Target directory to encrypt
$TargetEncr = "C:\Data"

# At the end, load the CPU to trigger behavioral alarms
$CPULoad = $false

# Delete the script ransomware.ps1
$SelfDestroy = $false

# Delete the private key afterwards
$DeleteKey = $true

# UI
$delay = 60  # Delay to show the UI

# Define the DN of the certificate
$CertName = "DEMO RANSOMWARE"
  • Execute the script badware.ps1
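
To confirm after a demo run that the host shows the artifacts this README describes, and to compare them with what monitoring recorded, a read-only sweep such as the following can be used. It is an added example, not part of the Badware project; the certificate-store check, the use of the current user's Desktop and the `$SinceHours` look-back window are assumptions.

```powershell
# Added example, not part of Badware: read-only sweep for the artifacts the README describes.
param(
    [string]$TargetEncr = 'C:\Data',          # README default target folder
    [string]$CertName   = 'DEMO RANSOMWARE',  # README default certificate DN
    [string]$NoteName   = 'Badware.txt',      # note name from the README's sample output
    [int]$SinceHours    = 24                  # assumption: look-back window for the demo run
)

$since    = (Get-Date).AddHours(-$SinceHours)
$findings = [System.Collections.Generic.List[object]]::new()
function Add-Finding([string]$Kind, [string]$Path, $When) {
    $findings.Add([pscustomobject]@{ Kind = $Kind; Path = $Path; When = $When })
}

# 1. Certificate folders named C:\YYYY-MM-DD-HHMM, as stated in the README.
Get-ChildItem -Path 'C:\' -Directory -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match '^\d{4}-\d{2}-\d{2}-\d{4}$' } |
    ForEach-Object { Add-Finding 'Certificate folder' $_.FullName $_.CreationTime }

# 2. The note on the Desktop (assumption: the Desktop of the user who ran the demo).
$note = Join-Path ([Environment]::GetFolderPath('Desktop')) $NoteName
if (Test-Path -LiteralPath $note) {
    Add-Finding 'Note' $note (Get-Item -LiteralPath $note).CreationTime
}

# 3. Certificates whose subject contains the DN. Assumption: the script leaves the
#    certificate in a Windows certificate store; the README only mentions the folder.
foreach ($store in 'Cert:\CurrentUser\My', 'Cert:\LocalMachine\My') {
    Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
        Where-Object { $_.Subject -like "*$CertName*" } |
        ForEach-Object {
            Add-Finding "Certificate (HasPrivateKey=$($_.HasPrivateKey))" "$store\$($_.Thumbprint)" $_.NotBefore
        }
}

# 4. Share of files under the target rewritten inside the window: a bulk rewrite of
#    a whole folder is the behaviour a detection tool should have alerted on.
$files  = @(Get-ChildItem -LiteralPath $TargetEncr -File -Recurse -ErrorAction SilentlyContinue)
$recent = @($files | Where-Object { $_.LastWriteTime -ge $since })
if ($files.Count -gt 0 -and $recent.Count -gt 0) {
    $pct = [math]::Round(100 * $recent.Count / $files.Count)
    Add-Finding "Rewritten files: $($recent.Count)/$($files.Count) ($pct%)" $TargetEncr ($recent | Measure-Object LastWriteTime -Maximum).Maximum
}

$findings | Sort-Object When | Format-Table -AutoSize
```

Sorting by timestamp gives a rough timeline of the run that can be laid next to the alerts the security tooling raised.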

Legal Disclaimer

This project must not be used for illegal purposes or for hacking into systems where you do not have permission; it is strictly for educational purposes. Performing any hack attempts or tests without written permission from the owner of the computer system is illegal. The Badware project must not be used for illegal purposes. It is strictly for educational purposes.

Author

👤 Julien Mousqueton

🤝 Contributing

Contributions, issues and feature requests are welcome!

Feel free to check the issues page.

Show your support

Give a ⭐️ if this project helped you!

📝 License

Copyright © 2021-2023 Julien Mousqueton.

This project is Apache 2.0 licensed.