Ransomware is swiftly emerging as the predominant threat among the malware affecting our digital systems. Businesses worldwide are feeling the impact of many malicious programs, and the latest variant, Snake, poses a specific threat to SCADA/ICS systems. The recent incident involving the Colonial Pipeline in the United States is a stark example: the company was forced to cease operations for almost a week and ended up paying a $5 million ransom. This highlights the peril that ransomware poses to industrial systems and to the critical infrastructure of nations.
Adding to this concerning trend, a major American insurance company, CNA, has openly acknowledged paying a substantial $40 million ransom. The willingness of organizations to meet such exorbitant demands shows how lucrative ransomware is, which in turn incentivizes developers to keep refining and escalating their malicious tactics. The growing creativity and malevolence of ransomware developers make robust cybersecurity measures all the more pressing if digital systems are to be safeguarded against potentially devastating consequences.
To better understand how ransomware works, let’s build our own ransomware from a Proof of Concept (POC) available from mauri870 on github.com. He developed this ransomware as part of his academic program and it is not designed for malicious purposes but rather to help us understand how ransomware works. Like the new variant, Snake, and a growing number of malware strains, this malware is written in Golang.
This malware encrypts the victim's files in the background with AES-256-CTR and uses RSA-4096 to secure the exchange of key material with the server. In this design the ransomware is very similar to Cryptolocker, one of the most successful ransomware attacks in history.
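Before building the POC, it helps to see what AES-256-CTR actually does to a file's contents and why that is something a defender can measure. The Go program below is an added example written for this article; it is not part of mauri870's code. It encrypts a constructed 4 KiB plaintext with a fixed, constructed key and IV, then computes the Shannon entropy of both buffers: the original document scores a few bits per byte, while the CTR output is statistically close to random and scores almost 8 bits per byte. The looksEncrypted heuristic is the kind of signal a file-monitoring or EDR tool uses to notice that a process is overwriting documents with ciphertext.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"fmt"
	"math"
)

// sampleKey and sampleIV are constructed, fixed values used only for this
// demonstration; the POC described in the article generates its own at run time.
func sampleKey() []byte { return bytes.Repeat([]byte{0x42}, 32) } // 32 bytes = AES-256
func sampleIV() []byte  { return bytes.Repeat([]byte{0x07}, aes.BlockSize) }

// samplePlaintext stands in for a document on disk (constructed: one sentence
// repeated until the buffer is exactly 4096 bytes long).
func samplePlaintext() []byte {
	line := []byte("Quarterly report: revenue up, costs flat, headcount unchanged.\n")
	return bytes.Repeat(line, 4096/len(line)+1)[:4096]
}

// shannonEntropy returns the empirical entropy of buf in bits per byte (0 to 8).
func shannonEntropy(buf []byte) float64 {
	if len(buf) == 0 {
		return 0
	}
	var counts [256]int
	for _, b := range buf {
		counts[b]++
	}
	n := float64(len(buf))
	h := 0.0
	for _, c := range counts {
		if c == 0 {
			continue
		}
		p := float64(c) / n
		h -= p * math.Log2(p)
	}
	return h
}

// aesCTR runs AES-256-CTR over data. CTR mode is an XOR keystream, so the
// same call both encrypts and decrypts; the key size selects AES-256.
func aesCTR(key, iv, data []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(data))
	cipher.NewCTR(block, iv).XORKeyStream(out, data)
	return out, nil
}

// looksEncrypted is the simple heuristic a file-monitoring tool can apply:
// stream-cipher output is indistinguishable from random bytes, so its entropy
// sits close to 8.0 bits/byte. Already-compressed formats (zip, jpeg, mp4)
// also score high, so treat this as one signal among several.
func looksEncrypted(buf []byte, threshold float64) bool {
	return shannonEntropy(buf) >= threshold
}

func main() {
	plain := samplePlaintext()
	ct, err := aesCTR(sampleKey(), sampleIV(), plain)
	if err != nil {
		panic(err)
	}
	fmt.Printf("plaintext  entropy: %.2f bits/byte, flagged=%v\n",
		shannonEntropy(plain), looksEncrypted(plain, 7.0))
	fmt.Printf("ciphertext entropy: %.2f bits/byte, flagged=%v\n",
		shannonEntropy(ct), looksEncrypted(ct, 7.0))
}
```

Because CTR is symmetric, running aesCTR a second time with the same key and IV restores the plaintext; that is exactly why the real malware keeps the AES key away from the victim by wrapping it with the RSA-4096 public key, and why entropy monitoring and offline backups, rather than key recovery, are the practical defences.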
The first step is to fire up your Kali and make certain that golang is installed. If it is not, download it from the Kali repositories by entering:
kali > sudo apt install golang
Next, you will need to log in as the root user.
kali > sudo su -
Now create a directory for the binaries. In this case, I named it simply “git”.