Crypt Vortex

Crypt Vortex is a ransomware simulation reflective DLL which uses a custom encryption algorithm to encrypt files. It can encrypt and decrypt files on a host and is highly customizable, with support for recursive folder encryption. You can run this command by right-clicking a badger and selecting Arsenal->Crypt Vortex.

You can choose to either encrypt or decrypt a specified path. The encrypt option provides 4 options. The first is the encryption key, the second is the path to encrypt, and the third is the extension of the file after the encryption completes. This command also supports an additional optional argument that restricts encryption to the selected file types. For example, if you want to encrypt only Word and Excel files, you can select .docx and .xlsx, separated by a comma.

The encryption happens recursively. If your path contains multiple folders, and those folders contain more folders, then all the folders will be recursively encrypted one by one. The below figure shows the directory which contains 4 files. The cryptvortex command also returns the status of the encrypted files and the password used to encrypt them, so if you decide at a later date that you want to decrypt some stuff, you can still find the password in the badger logs.

The below figure shows the encrypted content of the simple text file, which looks like garbage. Once the encryption process completes, the original file gets deleted from the disk. Take great caution while running this, since it can heavily damage the host if you don’t know what you are doing.
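A defender-side sketch of the file-system pattern described above (a new file with the chosen extension appears, then the original is deleted, repeated across nested folders), added here as an example and not part of Brute Ratel or its documentation. The event tuple format, the `.vtx` extension, the sample paths, and the assumption that the new file's name is derived from the original's name are all constructed for illustration.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed file-event sample: (seconds, operation, path). ".vtx" is a made-up extension.
EVENTS = [
    (0.0, "create", r"C:\data\report.docx.vtx"),
    (0.2, "delete", r"C:\data\report.docx"),
    (0.3, "create", r"C:\data\budget.xlsx.vtx"),
    (0.5, "delete", r"C:\data\budget.xlsx"),
    (0.6, "create", r"C:\data\sub\notes.txt.vtx"),
    (0.8, "delete", r"C:\data\sub\notes.txt"),
    (0.9, "create", r"C:\data\sub\deep\plan.docx.vtx"),
    (1.1, "delete", r"C:\data\sub\deep\plan.docx"),
    (30.0, "create", r"C:\home\photo.png"),   # benign one-off conversion
    (31.0, "delete", r"C:\home\photo.jpg"),
    (40.0, "delete", r"C:\home\old.log"),     # benign unrelated delete
]

def rewritten_pairs(events, window=5.0):
    """Yield (original, new_file) when a sibling whose name derives from the
    original was created at most `window` seconds before the original's deletion."""
    created = defaultdict(list)  # parent directory -> [(time, path)]
    for ts, op, raw in sorted(events):
        path = PureWindowsPath(raw)
        if op == "create":
            created[path.parent].append((ts, path))
        elif op == "delete":
            for cts, new in created[path.parent]:
                # Assumption: extension is appended (a.docx.vtx) or swapped (a.vtx).
                same_base = new.name.startswith(path.name + ".") or (
                    new.stem == path.stem and new.suffix != path.suffix)
                if ts - cts <= window and same_base:
                    yield path, new
                    break

def flag_mass_rewrite(events, threshold=3, window=5.0):
    """Group create-then-delete pairs by the new extension and return the
    extensions seen on at least `threshold` files, with the originals lost."""
    by_ext = defaultdict(list)
    for original, new in rewritten_pairs(events, window):
        by_ext[new.suffix.lower()].append(str(original))
    return {ext: files for ext, files in by_ext.items() if len(files) >= threshold}

if __name__ == "__main__":
    for ext, files in flag_mass_rewrite(EVENTS).items():
        print(f"ALERT: {len(files)} files replaced by '{ext}' copies: {files}")
```

Grouping by the new extension rather than by directory lets a recursive run that touches only one or two files per folder still cross the threshold.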

Similar to encryption, Brute Ratel also provides a decrypt option. This is a reverse algorithm which decrypts the files in a provided path. It also takes in an extension, which it later adds to the names of the decrypted files.

We chose .dec as the decrypted file extension, so it will decrypt all the files in the given directory and store them in the same path with the .dec extension.

And as you can see, we have successfully decrypted the contents of the file.