- Ransomware Lab -


Lab Goals


  1. Understand the detrimental effects of ransomware.
  2. Reverse engineer simple ransomware software.

Quick introduction to Ransomware


    Ransomware is malicious software that blocks access to a computer or information until a specific amount of money has been paid. It belongs to the general category of malware, i.e., malicious, intrusive software.

Prerequisites


  1. You will need basic command line knowledge to complete this lab. Codecademy has a great tutorial on this topic.
  2. Basic cryptography: Khan Academy has a great class on cryptography and these ciphers that can be found here.
  3. Hashing: Here is an interesting video from Khan Academy on hash functions.

Part 1: Setting up the topology


  1. Reserve a single Xen VM with default settings
  2. Log onto the node and download the provided text files and the Python script scan_directories.py
  3. To download all the files use the following commands:
    wget https://github.com/mundruid/CyberPaths/raw/master/Ransomware.zip
    and
    wget https://raw.githubusercontent.com/mundruid/CyberPaths/master/pythonScripts/scan_directories.py
  4. To unzip your files use the following command:
    unzip Ransomware.zip

Part 2: The Mission


  1. Log onto the machine assigned by your instructor. If you have reserved your own virtual machine, you may log in to that machine instead.
  2. Find all the files by using the proper directory listing commands and view those files.
  3. Run the file scan_directories.py to scan your machine for viruses by using the following command:
    python scan_directories.py
  4. Open the text files again after scan_directories.py has been executed.
  5. What do you think happened? Can you convert the files back to their original form?
  6. Open the file scan_directories.py with your favorite text editor. My favorite is vim, but a simpler editor would be nano:
    nano scan_directories.py
    What do you think this code is doing?
  7. Should you run a file that someone sent you in an email, even if it looks like a file sent by your manager, instructor, or someone else you know? Why?
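As an added, defender-side example (it is not part of the lab and not the contents of scan_directories.py, which the lab asks you to discover yourself), the script below records a SHA-256 hash of every file in a directory before an unknown program runs and afterwards reports which files changed, went missing, or appeared, and whether the new contents look like ciphertext. The entropy threshold is an assumed heuristic, not a value from the lab.

```python
import hashlib
import math
import os
from collections import Counter

ENTROPY_THRESHOLD = 6.5  # bits per byte, a heuristic; English text sits around 4 to 5

def sha256_file(path):
    """Return the hex SHA-256 digest of a file's contents."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def shannon_entropy(data):
    """Bits of entropy per byte: 0.0 for empty or single-symbol input, 8.0 at most."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def build_baseline(directory):
    """Map every regular file under directory (relative path) to its SHA-256."""
    baseline = {}
    for root, _dirs, files in os.walk(directory):
        for name in files:
            path = os.path.join(root, name)
            baseline[os.path.relpath(path, directory)] = sha256_file(path)
    return baseline

def check_against_baseline(directory, baseline):
    """Compare the directory with a saved baseline. Returns rel_path -> one of
    'unchanged', 'modified', 'modified-high-entropy', 'missing' or 'new'."""
    current = build_baseline(directory)
    report = {}
    for rel, old_hash in baseline.items():
        if rel not in current:
            report[rel] = "missing"
        elif current[rel] == old_hash:
            report[rel] = "unchanged"
        else:
            with open(os.path.join(directory, rel), "rb") as f:
                entropy = shannon_entropy(f.read())
            # A Caesar-style substitution keeps the plaintext's entropy, so only the
            # hash change reveals it; high entropy points to real encryption.
            report[rel] = "modified-high-entropy" if entropy >= ENTROPY_THRESHOLD else "modified"
    for rel in current:
        if rel not in baseline:
            report[rel] = "new"
    return report
```

Call build_baseline on the directory you unzipped in Part 1 before step 3 and check_against_baseline after it, and the answer to step 5 becomes a concrete list of which files the script touched.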