Basic ransomware, i have probably too much free time. And this is my first exercise in Golang

  • By FreezingKas
  • Last update: Nov 9, 2022
  • Comments: 0

Contributors Forks Stargazers Issues MIT License LinkedIn


Just A Study Go Ransomware

My own ransomware to use my cryptographic knowledges and test Golang for the first time

Contact me · Report Bug · Request Feature

Table of Contents
  1. About The Project
  2. Getting Started
  3. Roadmap
  4. Contributing
  5. License
  6. Contact
  7. Acknowledgments

About The Project

Recently, I learned cryptography at my university and I wanted to learn Golang. I tried to create this ransomware and this is very basic.


  • Learn Golang syntax.
  • Use AES-256 in Golang
  • Try reversing my own ransomware

(back to top)


Do not use this program for illegal purposes ! I am not responsible for the actions of third parties. Also do not run this program on your machine, use a VM instead.

Built With

(back to top)

Getting Started

You have 4 modules : attacker, encrypter, decrypter and fileutils.

attacker is the server program to receive the AES key.

encrypter is obviously the dangerous program. I repeat, do not launch it on your machine.

decrypter decrypt the files with the AES key.

fileutils retrieves all the file paths to be encrypted/decrypted.


  • attacker

It is just a simple HTTP server made with the Golang package net/http. It receives the AES key in hexadecimal and it stores it into the sqlite database named key.db. It generates an onion service to receive data via Tor.

  • encrypter

First, it generates an random 256 bits key and send it to the server. By default it is a POST request made with net/http package to onion address via Tor (Bine API). After it retrieves all the content of files in directory defined in .env (you can also change it). Finally it encrypt all the content of files and replace it.

  • decrypter

Similarly to encrypter, it retrieves all the files but it decrypt with the key passed in STDIN and replace files contents.

  • fileutils

Retrives all the files for encrypter and decrypter. By default it is C:\Users\ on Windows and /home/ on Linux. But I redefined the value of dir with a testing directory in .env file.

(back to top)


  • First, clone the project :
git clone
  • And change the .env file :

ADDRESS is used to build encypter.go. This is the address of the server where the keys will be sent. Change this to the address generated by attacker.go. DIR is used to build encrypter.go and decrypter.go. This is the directory that will be encrypted.

  • Build attacker.go :
cd attacker
go build attacker.go

It launches the HTTP server on a onion service. You can now receive AES keys from encrypter.go.

  • Build encrypter.go
cd encrypter
go build encrypter.go

Obviously, a victim will not build this program itself. After encryption, I have to ask for money but i didn't implement it for the moment. Don't forget to change ADDRESS in .env.

  • Build decrypter.go
cd decrypter
go build decrypter.go

The program will ask for the key in command-line and the objectives is to make it simple for a victim to enter the AES key.

(back to top)


  • Create a server to receive keys.
  • Implement function to retrieve files.
  • Implement encrypter.
  • Implement decrypter.
  • Implement GUI with a threat message and ask for Bitcoin.
  • Implement AES from scratch.
  • Create a database to store keys.
  • AV Evasion
  • Use .env for IP adress + port and test directory
  • Send key via Tor

See the open issues for a full list of proposed features (and known issues).

(back to top)


Contributions are greatly appreciated, I am still a beginner in Golang. I am not an expert yet. Also I am not a great ransomware creator, so any suggestions are welcomed.

(back to top)


Distributed under the MIT License. See LICENSE.txt for more information.

(back to top)


FreezingKas - @Maxence_Jng - [email protected]

Project Link:

(back to top)


(back to top)