Skip to content
/ RansomwareSimulator Public

Powershell script to emulate the "blast radius" of a ransomware infection.

License

GPL-3.0 license
26 stars 12 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

securekomodo/RansomwareSimulator

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
Invoke-RansomwareSimulator.ps1
Invoke-RansomwareSimulator.ps1
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

RansomwareSimulator

Multithreaded Powershell script to emulate the "blast radius" of a ransomware infection. Does not actually encrypt anything!

Uses passive checks to test write priv to discovered files and reports on them.

Logic

  • Discover Local Drives
  • Discover Mapped Drives
  • Loop through each drive
  • Enumerate files with extensions matching whitelist/blacklist
  • Test to see if current user has write permission to file (MUST NOT CHANGE METADATA OF ACTUAL FILE)
  • Output Report simulating "C2 Callback"

Report

  • Count sum of files
  • Count sum of data (IE. Sum of all Files Length)
  • Report the top 10 File types (extensions) that were "encrypted"

Updates:

Implemented Runspaces and chunking to improve performance.

About

Powershell script to emulate the "blast radius" of a ransomware infection.

Resources

Readme

License

GPL-3.0 license
Activity

Stars

26 stars

Watchers

4 watching

Forks

12 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages