Ransomware - macro / exe
Introduction to ransomware
Ransomware is a type of malware that attacks user devices, encrypts their files and then demands a ransom to decrypt them. This type of malware represents one of the most serious cyber threats today, as victims are often forced to pay large sums of cryptocurrency to regain access to their data. Ransomware attacks can have a devastating impact on individuals, organisations and government institutions, which may lose access to sensitive information, financial data or key systems.
About the code
Our example code demonstrates the basic structure of ransomware, which consists of several steps to encrypt a victim's files and then display the ransom note. The code generates a warning wallpaper for the user's desktop and creates a ransom note file. Its main function, however, is to encrypt files in defined directories using 256-bit AES encryption, so that the files cannot be accessed without the decryption key. The code also includes several mechanisms that make the attack more difficult to detect in real time.
Macro / exe file
In this case, a relatively simple method of distributing ransomware via macro code was chosen. The macro code is embedded in a Word document and, when executed, downloads a malicious .exe file containing the ransomware itself from a remote server. This method is often used because macros in Office documents can be easily hidden and are executed by an inattentive user. In other cases, the ransomware can be delivered directly as an .exe file that is executed on the target device.
The attack itself
The attack can start by sending a phishing email with an attached Word document containing a macro, or with an exe file packaged in an archive format such as .cab or .rar to bypass Mark of the Web (MOTW) blocking. As soon as the victim opens the document or runs the exe file, the ransomware is downloaded and executed automatically and immediately starts encrypting files on the infected device.
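A defender-side triage check for the kind of attachment described above, added here as an example and not the article's own code: it inspects a Word OOXML package (the zip container behind .docx/.docm) for an embedded VBA project part and for the macro-enabled content type, and flags the case where the two disagree, such as a file named .docx that still carries vbaProject.bin. The two content-type strings are the standard OOXML values; the function names and the minimal package built by build_sample are my own constructed fixtures, not real Word output.

```python
import io
import zipfile

# Content type Word assigns to the main part of a macro-enabled document (.docm);
# a plain .docx uses the "...wordprocessingml.document.main+xml" type instead.
MACRO_CT = "application/vnd.ms-word.document.macroEnabled.main+xml"
PLAIN_CT = "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"


def office_macro_indicators(data: bytes) -> dict:
    """Triage an OOXML (zip-based) Office file without opening it in Office.

    Reports whether an embedded VBA project part exists, whether the package
    declares itself macro-enabled, and whether the two disagree (a document
    named .docx that still carries vbaProject.bin deserves a closer look).
    """
    result = {"is_zip": False, "vba_part": None,
              "macro_content_type": False, "mismatch": False}
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return result  # not an OOXML package (legacy .doc, or something renamed to look like one)
    result["is_zip"] = True
    names = zf.namelist()
    result["vba_part"] = next((n for n in names if n.lower().endswith("vbaproject.bin")), None)
    if "[Content_Types].xml" in names:
        ct_xml = zf.read("[Content_Types].xml").decode("utf-8", "replace")
        result["macro_content_type"] = MACRO_CT in ct_xml
    result["mismatch"] = (result["vba_part"] is not None) != result["macro_content_type"]
    return result


def build_sample(with_vba: bool, macro_ct: bool) -> bytes:
    """Constructed fixture: a minimal OOXML-shaped zip, not a real Word document."""
    main_ct = MACRO_CT if macro_ct else PLAIN_CT
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml",
                    f'<Types><Override PartName="/word/document.xml" ContentType="{main_ct}"/></Types>')
        zf.writestr("word/document.xml", "<w:document/>")
        if with_vba:
            # placeholder bytes standing in for a VBA project stream (constructed, not real VBA)
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in [("docm", build_sample(True, True)), ("docx", build_sample(False, False)),
                        ("docx-with-vba", build_sample(True, False))]:
        print(label, office_macro_indicators(blob))
```

A hit here only means the attachment carries macro code and should go through the usual sandbox or analyst review; it says nothing about what the macro does.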
Video
Video description
In the video you can watch the whole process in practice: downloading a Word document, opening it, the macro running automatically and downloading and executing the ransomware, and finally the files on the drive being encrypted. The second part of the video shows a similar procedure, but with direct execution of the exe file. The result of both scenarios is that the data is encrypted and, without the decryption key, it is impossible to regain access to those files.
Statement
The goal of this article and video is not only to demonstrate the potential misuse of technologies such as macros and binaries, but also to emphasize that no technology is 100% secure. It is essential to use common sense and constantly consider the risks associated with using any software or system.
Disclaimer: Unauthorized tampering with someone else's system is illegal and punishable. All hacking activities should only be carried out with the express permission of the system owner and in accordance with applicable laws. This article does not serve as a guide for illegal activity, but as a warning and educational material to improve security and awareness of the threats associated with ransomware.
Stay Kawaii and Hack the Planet!

/\_/\
( o.o )
> ^ <
Due to lack of time, translated via DeepL AI. Sooooory :((