[MT|marktsec]
In order to improve their security posture, many organizations want to test their security products and validate if they can prevent never before-seen ransomware without resorting to running malware. Built to assist Red/Blue teams test their defenses.
- Encrypting documents
- Deleting Volume Shadow Copies
- Kill processes (in this version notepad.exe only)
- Dropping a ransomware note to the chosen folder
- File hash change in one click
- and more
It's recommended to install AutoIt for the file hash change in click (compile) option AutoIt
ransomsim3.exe [help] [mode] [path] [shadow copy] [password]Encrypt files in C:\test directory
ransomsim3.exe encrypt C:\test- WARNING: If the shadow copy delete option is selected, all shadow copies will be deleted.
- WARNING: All files in the folder selected for the encryption will be encrypted.Note: FOR RED TEAMERS: USE IMPACKET SMBEXEC AND LOLBINS TO RUN THIS SIMULATION.
- WARNING: This software does not offer any kind of guarantee. Its use is exclusive for educational environments and / or security audits with the corresponding consent of the client. I am not responsible for its misuse or for any possible damage caused by it.
MIT