{"id":171147,"date":"2025-12-01T18:00:37","date_gmt":"2025-12-01T18:00:37","guid":{"rendered":"https:\/\/ushopwell.com\/ublog\/reversing-ransomware-building-your-own-decrypter\/"},"modified":"2025-12-01T18:00:37","modified_gmt":"2025-12-01T18:00:37","slug":"reversing-ransomware-building-your-own-decrypter","status":"publish","type":"post","link":"https:\/\/ushopwell.com\/ublog\/reversing-ransomware-building-your-own-decrypter\/","title":{"rendered":"Reversing Ransomware: Building Your Own Decrypter"},"content":{"rendered":"<div class=\"youtubomatic-video-container\"><iframe loading=\"lazy\" width=\"580\" height=\"380\" src=\"https:\/\/www.youtube.com\/embed\/5Dp4CCKTSgY?autoplay=1&#038;controls=1&#038;hl=en\" frameborder=\"0\" allowfullscreen><\/iframe><\/div>\n<p>We locked them up, now let&#8217;s set them free. In Part 1, we built a simple ransomware script to encrypt files in a directory. In this video, we complete the cycle by writing the Decrypter. <\/p>\n<p>We\u2019ll cover how to handle encryption keys properly, reverse the logic of our previous script, and restore our files to their original state.<\/p>\n<p>\u26a0\ufe0f DISCLAIMER: This content is for educational purposes and cybersecurity research only. Understanding how malware functions is critical for Red Teaming and Blue Teaming alike. Do not use this code on systems you do not have permission to test.<\/p>\n<p>What Changed from Part 1? In the previous video, we generated a random key but didn&#8217;t save it (my bad!). 
<\/p>\n<p>In this video, we fix that by ensuring our script writes a key.txt file so we actually have a way to unlock our data &#8211; a critical component of symmetric encryption.<\/p>\n<p>Key Concepts Covered:<\/p>\n<p>\u2022 Symmetric Key Management: Reading the Fernet key from a file.<\/p>\n<p>\u2022 Logic Reversal: Switching from encrypt() to decrypt() methods.<\/p>\n<p>\u2022 File Integrity: How to iterate through a directory without corrupting the decryption script or the key itself.<\/p>\n<p>\u2022 Sanity Checks: Verifying the data is actually readable after the process.<\/p>\n<p>Timestamps:<br \/>\n00:00 Introduction and Recap<br \/>\n00:42 Reviewing the Ransomware Script<br \/>\n00:51 Importing Necessary Libraries<br \/>\n01:24 Generating and Saving the Encryption Key<br \/>\n02:19 Encrypting Files<br \/>\n03:34 Decrypting Files<br \/>\n04:04 Avoiding Self-Encryption<br \/>\n05:06 Reading and Decrypting Files<br \/>\n06:43 Final Sanity Check<br \/>\n08:18 Conclusion and Viewer Engagement<\/p>\n<p>Links: \ud83d\udcfa Watch Part 1 (The Encryption): <a href=\"https:\/\/youtu.be\/OxVGTVhCftA\" target=\"_blank\">https:\/\/youtu.be\/OxVGTVhCftA<\/a><\/p>\n<p>#python  #cybersecurity  #ransomware  #decryption  #redteaming  #codingtutorial  #malwareanalysis  #suitupandhack<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We locked them up, now let&#8217;s set them free. In Part 1, we built a simple ransomware script to encrypt files in a directory. In this video, we complete the cycle by writing the Decrypter. We\u2019ll cover how to handle encryption keys properly, reverse the logic of our previous script, and restore our files to their original state. 
\u26a0\ufe0f DISCLAIMER: This content is for educational purposes and cybersecurity research only&#8230;.<\/p>\n","protected":false},"author":1,"featured_media":171148,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-171147","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Reversing Ransomware: Building Your Own Decrypter - UshopWell.com<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/ushopwell.com\/ublog\/reversing-ransomware-building-your-own-decrypter\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Reversing Ransomware: Building Your Own Decrypter - UshopWell.com\" \/>\n<meta property=\"og:description\" content=\"We locked them up, now let&#8217;s set them free. In Part 1, we built a simple ransomware script to encrypt files in a directory. In this video, we complete the cycle by writing the Decrypter. We\u2019ll cover how to handle encryption keys properly, reverse the logic of our previous script, and restore our files to their original state. 
\u26a0\ufe0f DISCLAIMER: This content is for educational purposes and cybersecurity research only....\" \/>\n<meta property=\"og:url\" content=\"https:\/\/ushopwell.com\/ublog\/reversing-ransomware-building-your-own-decrypter\/\" \/>\n<meta property=\"og:site_name\" content=\"UshopWell.com\" \/>\n<meta property=\"article:published_time\" content=\"2025-12-01T18:00:37+00:00\" \/>\n<meta name=\"author\" content=\"UShopWell\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"UShopWell\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/reversing-ransomware-building-your-own-decrypter\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/reversing-ransomware-building-your-own-decrypter\\\/\"},\"author\":{\"name\":\"UShopWell\",\"@id\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/#\\\/schema\\\/person\\\/6fd1f9e0ff932e534c86c70d5acff0fc\"},\"headline\":\"Reversing Ransomware: Building Your Own 
Decrypter\",\"datePublished\":\"2025-12-01T18:00:37+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/reversing-ransomware-building-your-own-decrypter\\\/\"},\"wordCount\":253,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/reversing-ransomware-building-your-own-decrypter\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/wp-content\\\/uploads\\\/2025\\\/12\\\/171147\\\/reversing-ransomware-building-your-own-decrypter.jpg\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/reversing-ransomware-building-your-own-decrypter\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/reversing-ransomware-building-your-own-decrypter\\\/\",\"url\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/reversing-ransomware-building-your-own-decrypter\\\/\",\"name\":\"Reversing Ransomware: Building Your Own Decrypter - 
UshopWell.com\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/reversing-ransomware-building-your-own-decrypter\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/reversing-ransomware-building-your-own-decrypter\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/wp-content\\\/uploads\\\/2025\\\/12\\\/171147\\\/reversing-ransomware-building-your-own-decrypter.jpg\",\"datePublished\":\"2025-12-01T18:00:37+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/reversing-ransomware-building-your-own-decrypter\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/reversing-ransomware-building-your-own-decrypter\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/reversing-ransomware-building-your-own-decrypter\\\/#primaryimage\",\"url\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/wp-content\\\/uploads\\\/2025\\\/12\\\/171147\\\/reversing-ransomware-building-your-own-decrypter.jpg\",\"contentUrl\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/wp-content\\\/uploads\\\/2025\\\/12\\\/171147\\\/reversing-ransomware-building-your-own-decrypter.jpg\",\"width\":480,\"height\":360,\"caption\":\"Reversing Ransomware: Building Your Own Decrypter\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/reversing-ransomware-building-your-own-decrypter\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Reversing Ransomware: Building Your Own 
Decrypter\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/#website\",\"url\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/\",\"name\":\"UshopWell.com\",\"description\":\"The Premiere Online Marketplace\",\"publisher\":{\"@id\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/#organization\",\"name\":\"UshopWell\",\"url\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/wp-content\\\/uploads\\\/2018\\\/01\\\/pandaSwea.png\",\"contentUrl\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/wp-content\\\/uploads\\\/2018\\\/01\\\/pandaSwea.png\",\"width\":365,\"height\":359,\"caption\":\"UshopWell\"},\"image\":{\"@id\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/#\\\/schema\\\/person\\\/6fd1f9e0ff932e534c86c70d5acff0fc\",\"name\":\"UShopWell\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/4adb372cadd43b4d4c57964dab95b0f69618bf960d131c4acf49d96d6bbc9c6e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/4adb372cadd43b4d4c57964dab95b0f69618bf960d131c4acf49d96d6bbc9c6e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/4adb372cadd43b4d4c57964dab95b0f69618bf960d131c4acf49d96d6bbc9c6e?s=96&d=mm&r=g\",\"caption\":\"UShopWell\"},\"url\":\"https:\
\\/\\\/ushopwell.com\\\/ublog\\\/author\\\/kburnettu\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Reversing Ransomware: Building Your Own Decrypter - UshopWell.com","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/ushopwell.com\/ublog\/reversing-ransomware-building-your-own-decrypter\/","og_locale":"en_US","og_type":"article","og_title":"Reversing Ransomware: Building Your Own Decrypter - UshopWell.com","og_description":"We locked them up, now let&#8217;s set them free. In Part 1, we built a simple ransomware script to encrypt files in a directory. In this video, we complete the cycle by writing the Decrypter. We\u2019ll cover how to handle encryption keys properly, reverse the logic of our previous script, and restore our files to their original state. \u26a0\ufe0f DISCLAIMER: This content is for educational purposes and cybersecurity research only....","og_url":"https:\/\/ushopwell.com\/ublog\/reversing-ransomware-building-your-own-decrypter\/","og_site_name":"UshopWell.com","article_published_time":"2025-12-01T18:00:37+00:00","author":"UShopWell","twitter_card":"summary_large_image","twitter_misc":{"Written by":"UShopWell","Est. 
reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/ushopwell.com\/ublog\/reversing-ransomware-building-your-own-decrypter\/#article","isPartOf":{"@id":"https:\/\/ushopwell.com\/ublog\/reversing-ransomware-building-your-own-decrypter\/"},"author":{"name":"UShopWell","@id":"https:\/\/ushopwell.com\/ublog\/#\/schema\/person\/6fd1f9e0ff932e534c86c70d5acff0fc"},"headline":"Reversing Ransomware: Building Your Own Decrypter","datePublished":"2025-12-01T18:00:37+00:00","mainEntityOfPage":{"@id":"https:\/\/ushopwell.com\/ublog\/reversing-ransomware-building-your-own-decrypter\/"},"wordCount":253,"commentCount":0,"publisher":{"@id":"https:\/\/ushopwell.com\/ublog\/#organization"},"image":{"@id":"https:\/\/ushopwell.com\/ublog\/reversing-ransomware-building-your-own-decrypter\/#primaryimage"},"thumbnailUrl":"https:\/\/ushopwell.com\/ublog\/wp-content\/uploads\/2025\/12\/171147\/reversing-ransomware-building-your-own-decrypter.jpg","inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/ushopwell.com\/ublog\/reversing-ransomware-building-your-own-decrypter\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/ushopwell.com\/ublog\/reversing-ransomware-building-your-own-decrypter\/","url":"https:\/\/ushopwell.com\/ublog\/reversing-ransomware-building-your-own-decrypter\/","name":"Reversing Ransomware: Building Your Own Decrypter - 
UshopWell.com","isPartOf":{"@id":"https:\/\/ushopwell.com\/ublog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/ushopwell.com\/ublog\/reversing-ransomware-building-your-own-decrypter\/#primaryimage"},"image":{"@id":"https:\/\/ushopwell.com\/ublog\/reversing-ransomware-building-your-own-decrypter\/#primaryimage"},"thumbnailUrl":"https:\/\/ushopwell.com\/ublog\/wp-content\/uploads\/2025\/12\/171147\/reversing-ransomware-building-your-own-decrypter.jpg","datePublished":"2025-12-01T18:00:37+00:00","breadcrumb":{"@id":"https:\/\/ushopwell.com\/ublog\/reversing-ransomware-building-your-own-decrypter\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/ushopwell.com\/ublog\/reversing-ransomware-building-your-own-decrypter\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/ushopwell.com\/ublog\/reversing-ransomware-building-your-own-decrypter\/#primaryimage","url":"https:\/\/ushopwell.com\/ublog\/wp-content\/uploads\/2025\/12\/171147\/reversing-ransomware-building-your-own-decrypter.jpg","contentUrl":"https:\/\/ushopwell.com\/ublog\/wp-content\/uploads\/2025\/12\/171147\/reversing-ransomware-building-your-own-decrypter.jpg","width":480,"height":360,"caption":"Reversing Ransomware: Building Your Own Decrypter"},{"@type":"BreadcrumbList","@id":"https:\/\/ushopwell.com\/ublog\/reversing-ransomware-building-your-own-decrypter\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/ushopwell.com\/ublog\/"},{"@type":"ListItem","position":2,"name":"Reversing Ransomware: Building Your Own Decrypter"}]},{"@type":"WebSite","@id":"https:\/\/ushopwell.com\/ublog\/#website","url":"https:\/\/ushopwell.com\/ublog\/","name":"UshopWell.com","description":"The Premiere Online 
Marketplace","publisher":{"@id":"https:\/\/ushopwell.com\/ublog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/ushopwell.com\/ublog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/ushopwell.com\/ublog\/#organization","name":"UshopWell","url":"https:\/\/ushopwell.com\/ublog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/ushopwell.com\/ublog\/#\/schema\/logo\/image\/","url":"https:\/\/ushopwell.com\/ublog\/wp-content\/uploads\/2018\/01\/pandaSwea.png","contentUrl":"https:\/\/ushopwell.com\/ublog\/wp-content\/uploads\/2018\/01\/pandaSwea.png","width":365,"height":359,"caption":"UshopWell"},"image":{"@id":"https:\/\/ushopwell.com\/ublog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/ushopwell.com\/ublog\/#\/schema\/person\/6fd1f9e0ff932e534c86c70d5acff0fc","name":"UShopWell","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/4adb372cadd43b4d4c57964dab95b0f69618bf960d131c4acf49d96d6bbc9c6e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/4adb372cadd43b4d4c57964dab95b0f69618bf960d131c4acf49d96d6bbc9c6e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/4adb372cadd43b4d4c57964dab95b0f69618bf960d131c4acf49d96d6bbc9c6e?s=96&d=mm&r=g","caption":"UShopWell"},"url":"https:\/\/ushopwell.com\/ublog\/author\/kburnettu\/"}]}},"_links":{"self":[{"href":"https:\/\/ushopwell.com\/ublog\/wp-json\/wp\/v2\/posts\/171147","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ushopwell.com\/ublog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ushopwell.com\/ublog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ushopwell.com\/ublog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\
/ushopwell.com\/ublog\/wp-json\/wp\/v2\/comments?post=171147"}],"version-history":[{"count":0,"href":"https:\/\/ushopwell.com\/ublog\/wp-json\/wp\/v2\/posts\/171147\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ushopwell.com\/ublog\/wp-json\/wp\/v2\/media\/171148"}],"wp:attachment":[{"href":"https:\/\/ushopwell.com\/ublog\/wp-json\/wp\/v2\/media?parent=171147"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ushopwell.com\/ublog\/wp-json\/wp\/v2\/categories?post=171147"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ushopwell.com\/ublog\/wp-json\/wp\/v2\/tags?post=171147"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}