This repository was archived by the owner on Feb 11, 2025. It is now read-only.

KRYPT0S is a sophisticated Python-based ransomware wiper proof of concept (PoC) designed for educational purposes. It encrypts files on Windows machines while ensuring persistence and stealth. Unlike traditional ransomware, KRYPT0S permanently destroys the decryption key, making file recovery impossible.


phantom0004/KRYPT0S-Ransomware_POC


Proof-of-Concept Ransomware Wiper


Status: PoC | Platform: Windows | Python 3.8+


⚠️ Warning: Legal and Ethical Disclaimer

This project is intended solely for educational purposes and must be executed only in a controlled, sandboxed environment.

Unauthorized or real-world use is highly illegal and may result in criminal penalties including imprisonment. The creator of this project disclaims all responsibility for misuse or damages.

YOU HAVE BEEN WARNED.

This repository includes a built-in kill switch to ensure it does not cause irreparable harm. The goal is NOT to harm but to facilitate learning about ransomware mechanics—for academic and cybersecurity research purposes only.


Project Overview

About KRYPT0S

KRYPT0S is a Python-based ransomware simulation crafted to reveal the inner workings of real-world ransomware. Its primary objective is to help cybersecurity professionals, researchers, and enthusiasts understand ransomware behaviors and develop effective defense strategies.

Key Features

  • Complex Encryption Handling
    Utilizes AES encryption to lock files on Windows systems.
  • Persistence and Stealth
    Modifies system settings to run in the background and survive reboots.
  • Ransomware Screen
    Mimics a WannaCry-style interface (all Bitcoin addresses and data are fake for simulation).
  • Stealth Tactics
    Disables Windows Defender, stops security services, and deletes shadow copies.
  • Parallel Encryption
    Employs multithreading to encrypt files across all drives quickly.
  • Event Log Removal
    Attempts to wipe Windows event logs to conceal its tracks.
  • Vast Encryption Scope
    Encrypts various file types—including .exe files in critical directories—for maximum disruption.
  • Secure Keys
    Generates and protects encryption keys in memory, complicating forensic analysis.
  • Change System Wallpaper
    Simulates altering the system wallpaper to instill fear (no actual risk if kill switch is enabled).

Detailed Functionality

No Decryption Function Present

A defining characteristic of KRYPT0S is that there is no built-in decryption capability. Once encrypted:

  • File extensions are changed, complicating recovery efforts.
  • Infections on multiple machines lead to chaotic decryption attempts.
  • Victims may be tricked into paying a ransom—but true recovery is unlikely.
  • The absence of a decryption routine underscores the gravity of ransomware threats and the necessity for strong cybersecurity measures.

Ransomware Screen

KRYPT0S includes a fake ransomware screen for realistic testing scenarios:

  • Fake Bitcoin Details
    All addresses and information are fabricated for demonstration only.
  • Simulated Buttons
    The user interface is purely illustrative—no real transactions occur.
  • Lockdown Interface
    Closes off the “X” button and Alt+F4, making forced termination more challenging.
  • Enhanced Persistence
    Continuously rechecks specific registry keys, hindering manual removal attempts.

Ethical and Safe Usage

KRYPT0S is intended for academic and training settings within sandboxed environments. A kill switch stops its malicious behavior if certain conditions are met, reducing the likelihood of unintentional damage.

Running the Simulation

  1. Convert and Execute
    • Convert the Python scripts (.py) into executables (.exe) with the provided converter script.
    • Launch KRYPT0S.exe; Screen.exe will run afterward to simulate the ransomware interface.
  2. Windows Environment Only
    • The converter supports Windows only. Execution on UNIX-based systems is not supported.

Once running:

  • KRYPT0S scans all drives and encrypts files with targeted extensions.
  • .exe files in crucial directories (like /Downloads or /OneDrive) are also encrypted, potentially causing a system meltdown due to disabled essential programs.
  • This highlights the catastrophic impact of true ransomware, emphasizing the importance of strong security measures.
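
The behaviour described above (rapid encryption across drives, with file extensions changed) is what file-activity monitoring can key on. The following is an added detection example, not code from the KRYPT0S repository: it flags a process that rewrites many files in several directories within a short window, where the extension changes and the written content is high-entropy. The event tuple layout, thresholds, PIDs, paths and the `.placeholder` extension are all assumptions made for illustration.

```python
import math
import ntpath
from collections import Counter, defaultdict

HIGH = bytes(range(256))            # constructed: uniform bytes, entropy 8.0 (ciphertext-like)
LOW = b"quarterly report " * 16     # constructed: plain text, low entropy

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: encrypted output sits near 8.0, ordinary documents well below."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def flag_mass_encryption(events, window=10.0, min_files=5, min_dirs=3, min_entropy=7.0):
    """Return PIDs that, inside `window` seconds, rewrote >= min_files files in
    >= min_dirs directories with a changed extension and high-entropy content."""
    hits = defaultdict(list)
    for ts, pid, old, new, head in events:
        renamed = ntpath.splitext(old)[1].lower() != ntpath.splitext(new)[1].lower()
        if renamed and shannon_entropy(head) >= min_entropy:
            hits[pid].append((ts, ntpath.dirname(old).lower()))
    flagged = set()
    for pid, seen in hits.items():
        seen.sort()
        start = 0
        for end in range(len(seen)):
            while seen[end][0] - seen[start][0] > window:   # slide the time window
                start += 1
            span = seen[start:end + 1]
            if len(span) >= min_files and len({d for _, d in span}) >= min_dirs:
                flagged.add(pid)
                break
    return flagged

def constructed_events(step):
    """Constructed telemetry (ts, pid, old_path, new_path, first bytes written).
    PID 4120 rewrites six files `step` seconds apart; PID 900 is an editor saving drafts.
    The .placeholder extension is a stand-in; the page does not name the real one."""
    dirs = [r"C:\Users\a\Documents", r"C:\Users\a\Downloads", r"D:\Share"]
    burst = [(i * step, 4120, rf"{dirs[i % 3]}\f{i}.docx",
              rf"{dirs[i % 3]}\f{i}.placeholder", HIGH) for i in range(6)]
    saves = [(i * 60.0, 900, rf"{dirs[0]}\n{i}.tmp", rf"{dirs[0]}\n{i}.docx", LOW)
             for i in range(6)]
    return burst + saves

if __name__ == "__main__":
    print(flag_mass_encryption(constructed_events(0.5)))   # burst across three directories
    print(flag_mass_encryption(constructed_events(60.0)))  # slow writer, not a burst
```

Entropy alone is a weak signal because archives and media files are also high-entropy; the rule fires only when it coincides with an extension change and a multi-directory burst from one process.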

Kryptos in Action

Aftermath of the Attack


Encrypted Files


Conclusion

KRYPT0S is a powerful educational tool for illustrating the complexity and risk posed by modern ransomware. Properly understanding ransomware behavior is essential for IT professionals and security researchers to build stronger defenses. Always use this project under legal, ethical constraints and in isolated test environments.
