The goal of this repository is to provide a simple, harmless way to check your AV's protection against ransomware.
This tool simulates typical ransomware behaviour, such as:
- Staging from a Word document macro
- Deleting Volume Shadow Copies
- Encrypting documents (embedded and dropped by the simulator into a new folder)
- Dropping a ransomware note to the user's desktop
The ransomware simulator takes no action that actually encrypts pre-existing files on the device, or deletes Volume Shadow Copies. However, any AV product looking for such behaviour should still hopefully trigger.
Each step, as listed above, can also be disabled via a command line flag. This lets you check responses to later steps as well, even if an AV already detects earlier steps.
Usage

    Run Ransomware Simulator

    Usage:
      ransomware-simulator run [flags]

    Flags:
          --dir string                     Directory where files that will be encrypted should be staged (default "./encrypted-files")
          --disable-file-encryption        Do not simulate document encryption
          --disable-macro-simulation       Do not simulate start from a macro by building the following process chain: winword.exe -> cmd.exe -> ransomware-simulator.exe
          --disable-note-drop              Do not drop pseudo ransomware note
          --disable-shadow-copy-deletion   Do not simulate volume shadow copy deletion
      -h, --help                           help for run
          --note-location string           Ransomware note location (default "C:\Users\neo\Desktop\ransomware-simulator-note.txt")
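
The process chain built by the macro-simulation step (winword.exe -> cmd.exe -> ransomware-simulator.exe) is the kind of ancestry a behavioural detection keys on. The following is an added example, not part of the simulator's code: a check over process-creation events that flags any process whose parent is a shell started by an Office application, which generalises the single chain named above. The event fields (`pid`, `ppid`, `image`), the Office and shell name sets, and the sample events are assumptions constructed for illustration.

```python
import ntpath

# Assumed name sets (not from the page, which names only winword.exe and cmd.exe).
OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe"}
SHELLS = {"cmd.exe", "powershell.exe"}


def image_name(path):
    """Lower-cased file name of a Windows image path."""
    return ntpath.basename(path).lower()


def find_office_shell_chains(events):
    """Return (office, shell, child, child_pid) for each process whose parent
    is a shell that was itself started by an Office application.

    events: process-creation records in time order, each with pid, ppid, image.
    """
    live = {}  # pid -> (own image name, parent's image name at creation time)
    hits = []
    for ev in events:
        name = image_name(ev["image"])
        parent = live.get(ev["ppid"])
        if parent and parent[0] in SHELLS and parent[1] in OFFICE:
            hits.append((parent[1], parent[0], name, ev["pid"]))
        # Store the parent's name now, so later reuse of the parent's or
        # grandparent's pid by another process cannot change this ancestry.
        live[ev["pid"]] = (name, parent[0] if parent else None)
    return hits


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 4, "image": r"C:\Windows\explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Program Files\Microsoft Office\WINWORD.EXE"},
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\System32\cmd.exe"},
    {"pid": 400, "ppid": 300, "image": r"C:\Temp\ransomware-simulator.exe"},
    # Benign: a shell opened by the user under explorer.exe.
    {"pid": 500, "ppid": 100, "image": r"C:\Windows\System32\cmd.exe"},
    {"pid": 600, "ppid": 500, "image": r"C:\Windows\System32\ipconfig.exe"},
]

if __name__ == "__main__":
    for office, shell, child, pid in find_office_shell_chains(SAMPLE_EVENTS):
        print(f"ALERT {office} -> {shell} -> {child} (pid {pid})")
```

Running the simulator with and without `--disable-macro-simulation` gives a positive and a negative case for a rule of this shape.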