This project is intended solely for educational purposes and must be executed only in a controlled, sandboxed environment.
Unauthorized or real-world use is highly illegal and may result in criminal penalties including imprisonment. The creator of this project disclaims all responsibility for misuse or damages.
YOU HAVE BEEN WARNED.
This repository includes a built-in kill switch to ensure it does not cause irreparable harm. The goal is NOT to harm but to facilitate learning about ransomware mechanics—for academic and cybersecurity research purposes only.
KRYPT0S is a Python-based ransomware simulation crafted to reveal the inner workings of real-world ransomware. Its primary objective is to help cybersecurity professionals, researchers, and enthusiasts understand ransomware behaviors and develop effective defense strategies.
- Complex Encryption Handling
Utilizes AES encryption to lock files on Windows systems. - Persistence and Stealth
Modifies system settings to run in the background and survive reboots. - Ransomware Screen
Mimics a WannaCry-style interface (all Bitcoin addresses and data are fake for simulation). - Stealth Tactics
Disables Windows Defender, stops security services, and deletes shadow copies. - Parallel Encryption
Employs multithreading to encrypt files across all drives quickly. - Event Log Removal
Attempts to wipe Windows event logs to conceal its tracks. - Vast Encryption Scope
Encrypts various file types—including.exefiles in critical directories—for maximum disruption. - Secure Keys
Generates and protects encryption keys in memory, complicating forensic analysis. - Change System Wallpaper
Simulates altering the system wallpaper to instill fear (no actual risk if kill switch is enabled).
A defining characteristic of KRYPT0S is that there is no built-in decryption capability. Once encrypted:
- File extensions are changed, complicating recovery efforts.
- Infections on multiple machines lead to chaotic decryption attempts.
- Victims may be tricked into paying a ransom—but true recovery is unlikely.
- The absence of a decryption routine underscores the gravity of ransomware threats and the necessity for strong cybersecurity measures.
KRYPT0S includes a fake ransomware screen for realistic testing scenarios:
- Fake Bitcoin Details
All addresses and information are fabricated for demonstration only. - Simulated Buttons
The user interface is purely illustrative—no real transactions occur. - Lockdown Interface
Closes off the “X” button and Alt+F4, making forced termination more challenging. - Enhanced Persistence
Continuously rechecks specific registry keys, hindering manual removal attempts.
KRYPT0S is intended for academic and training settings within sandboxed environments. A kill switch stops its malicious behavior if certain conditions are met, reducing the likelihood of unintentional damage.
- Convert and Execute
- Convert the Python scripts (
.py) into executables (.exe) with the provided converter script. - Launch
KRYPT0S.exe;Screen.exewill run afterward to simulate the ransomware interface.
- Convert the Python scripts (
- Windows Environment Only
- The converter supports Windows only. Execution on UNIX-based systems is not supported.
Once running:
- KRYPT0S scans all drives and encrypts files with targeted extensions.
.exefiles in crucial directories (like/Downloadsor/OneDrive) are also encrypted, potentially causing a system meltdown due to disabled essential programs.- This highlights the catastrophic impact of true ransomware, emphasizing the importance of strong security measures.
Aftermath of the Attack
Encrypted Files
KRYPT0S is a powerful educational tool for illustrating the complexity and risk posed by modern ransomware. Properly understanding ransomware behavior is essential for IT professionals and security researchers to build stronger defenses. Always use this project under legal, ethical constraints and in isolated test environments.