GonnaCry – Linux Ransomware That Encrypts All User Files

Read our disclaimer before you continue. This tool is only provided as a convince any actions and or activities related to the material contained within this Website is solely your responsibility. The misuse of the information in this website can result in criminal charges brought against the persons in question. The authors of hackingvision.com will not be held responsible in the event any criminal charges be brought against any individuals misusing the information in this website to break the law.

Note: This description has been translated from Portuguese.

GonnaCry is a Ransomware that encrypts all user files, files won’t be able to be retrieved without being backed up, or until you communicate with the server to retrieve the private key and thus undo the encryption. GonnaCry should not be used to harm anyone, it’s just an academic program, done to generate study and learning. It is not completely complete, nor does it have all the features of WannaCry2.0, however, it contains some of its features. Beware of using GonnaCry. Do not run on your computer.

What is ransomware?

Ransomware is a type of virus that prevents the computer from using the infected person. Some Ransomwares block the user’s screen, not allowing its use, while others encrypt all the important files of the user. GonnaCry only encrypts the user’s files. If you want to test: this test does not affect the files on your computer, only the files inside the / test folder.

Download GonnaCry

[php]git clone https://github.com/tarcisio-marinho/GonnaCry.git[/php]

[php]cd GonnaCry[/php]

[php]~ $ Sudo pip install -r requeriments.txt[/php]

Ransomware test

Test does not affect your computer.

Test files: A txt, mp3, jpeg and a png to be tested

Test files are stored in GonnaCry/tests/teste

To encrypt them:

[php]cd GonnaCry/tests[/php]

[php]~ $ python criptografa.py[/php]

You see that the original files have been replaced and by the .cripto

[php]~ $ python descriptografa.py[/php]

Finally, return of the original files


  • Encrypt all files with AES-256-CBC.
  • Encrypt peripheral devices: USB flash drives. 
  • Random generation of AES keys for each infected.
  • It works even without the infected device having communication with the Internet.
  • Communication with the server to request private key.    
  • Encrypt AES key with RSA-1024.    
  • Encrypt the private key with RSA-1024 from the server.    
  • Exchanging computer wallpaper.    
  • Destroy original files with no possibility of recovery.    
  • Complete program.

How GonnaCry Works:

Key Generation  – The server generates its private and public key (RSA). Unique, immutable, that will be used to encrypt the AES key, generated by Ransomware.

When the client is infected, Ransomware generates 3 keys: Key to encrypt the files. Algorithm -> AES (symmetric key)  Single private key of infected client, randomly generated. Algorithm -> RSA (asymmetric key).

Single public key of infected client, randomly generated. Algorithm -> RSA (asymmetric key). Execution algorithm  Encrypts all video files with the AES key. At the end of the previous step, the AES key is encrypted with the Ransomware public key. Ransomware’s private key is encrypted with the server’s public key (unique and immutable). Return of data. To decrypt the files, you need the AES key, which can only be decrypted by a private key. The same private key is encrypted with a public key from the server. To reverse the vita data, you need the server’s private key, needing to communicate with the server to request your key. To decrypt the Ransomware private key with the server’s private key, thus decrypting the AES key. Finally, use the AES key to decrypt the files from the victim.

Credits: tarcisio-marinho