A simple standalone "ransomware-like" simulator for Windows that will rename .TXT files to a known ransomware extension to simulate ransomware behavior for demos and testing various file monitoring tools and response systems.
Visit the releases section on this repository: https://github.com/leeberg/CashCatRansomwareSimulator/releases
THIS IS NOT REAL RANSOMWARE! IT LITERALLY DOES NOT MATCH ANY REAL DEFINITION OF RANSOMWARE! ALL IT DOES IS RENAME files with the extension of .TXT to a ransomware extension to test ransomwware detection tools. nothing. is. encrypted.
- Build/Download CashCat.exe - NEVER PLACE IN A PRODUCTION ENVIRONMENT
- Place CashCat.exe in a directory with some .txt files in the same directory.
- Run Cashcast.exe.
- All .TXT files located in the same directory as Cashcat.exe will be renamed to a common ransomware extension. No files are ACTUALLY encrypted - they are simply renamed.
- Enter the code 123456789 to rename all ransomware files to .TXT (this effectively UNLOCKS your files / resets your demo)
- Tested on Windows 7, 10, Server 2012R2, 2016+
- Requires: .NET 4.7.2
- Re-Implement extra configuration features without the need for dependency dlls
- "Canary" functionality