Writing ransomware in under 40 lines

DISCLAMER:

If you run this program without the if(text.txt) and change ../ to homedir, YOU WILL RUIN YOUR COMPUTER!

We’re basically going to write a full ransomware program in 40 lines of Javascript!

This example will assume you already have knowledge of generator functions, basic cryptography.

Firstly we’re going to import everything we’re going to need. You won’t need to install any npm packages either this is all completely native.

Next we’re going to declare two variables an encryption key and an initialisation vector. These things should be random and in buffer form or you’ll get some nasty errors, i’ve included them in the format that they will work, plug and play as such.

Next it’s time to build an encryption function. So essentially we accept a param val that is encrypted using AES-256, then returning the encrypted data back from the function.

Next we’ll build a getFiles generator function that will essentially recursively loop through all the files and folders.

Finally we’ll build a function that will encrypt everything.

You can alternatively add an unlock file telling users how to unlock their files.

And there you have it, we’ve built a crude ransomware attack in nodejs in under 50 lines.

Imagine someone throwing this into an npm package crudely and you can see the devastating results something like this could have.