Ransomware Recovery Services

Ransomware Simulator Script

I am frequently asked to demonstrate to customers how a ransomware assault will impact their company. Manually searching for all of the network shares to which you have write access as a normal user can take a significant amount of time. This has led me to develop a script that I have dubbed the Ransomware simulator. The idea is that you run this script from one of your users' workstations while logged in as a regular user. The script will then look for shares on the hosts you specify and determine whether it is able to write to them. The script will look for both normal shares and administrative shares ($ shares) if they exist. You can provide the script with hostnames, IP addresses, or IP ranges as input parameters. If you require assistance, you can run Get-Help against the script.

As a result, I owe a debt of gratitude to Matthew Graeber (@mattifestation) and Will Schroeder (@Harmj0y), who have both done outstanding work in the field of programming.

This is only the first version of the script; I am now working on a second version that will support multi-threading throughout the scanning process. I've also prepared a video that explains how the script is used in practice.

It is possible to find the script at https://github.com/api0cradle/PowershellScripts/tree/master/Security/scripts

When executing the script at an elevated command prompt, you must be using Windows 8.1 or a newer operating system that supports the Test-NetConnection cmdlet in order to run version 1.0 of the script. This will be rectified in my upcoming release.
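The write-access check the post describes can be sketched as follows, for auditing which shares a standard user can modify so their permissions can be tightened. This is an added example, not the author's script: it skips share discovery and takes UNC paths directly, and the function name `Test-ShareWriteAccess` and the sample paths are hypothetical.

```powershell
# Added example (not the original script): report which UNC shares the
# current user can write to. Function name and sample paths are hypothetical.
function Test-ShareWriteAccess {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string[]]$Path
    )
    process {
        foreach ($share in $Path) {
            $result = [pscustomobject]@{
                Path = $share; Reachable = $false; Writable = $false; Detail = ''
            }
            # Shares the user cannot list are reported as unreachable here.
            if (-not (Test-Path -LiteralPath $share -PathType Container)) {
                $result.Detail = 'Path not reachable or access denied'
                $result
                continue
            }
            $result.Reachable = $true
            # Unique probe name so no existing file is ever touched.
            $name  = 'writetest_{0}.tmp' -f [guid]::NewGuid().ToString('N')
            $probe = Join-Path -Path $share -ChildPath $name
            try {
                # CreateNew throws instead of overwriting if the name exists.
                $fs = [System.IO.File]::Open($probe, [System.IO.FileMode]::CreateNew, [System.IO.FileAccess]::Write)
                $fs.Dispose()
                $result.Writable = $true
                $result.Detail   = 'Probe file created and removed'
            }
            catch {
                # Typically "Access to the path ... is denied."
                $result.Detail = $_.Exception.GetBaseException().Message
            }
            finally {
                # Clean up the zero-byte probe and flag it if removal fails.
                if (Test-Path -LiteralPath $probe) {
                    Remove-Item -LiteralPath $probe -Force -ErrorAction SilentlyContinue
                    if (Test-Path -LiteralPath $probe) { $result.Detail = "Probe left behind: $probe" }
                }
            }
            $result
        }
    }
}

# Constructed sample input; replace with shares you are authorised to audit.
'\\fileserver01\Finance', '\\fileserver01\C$' | Test-ShareWriteAccess | Format-Table -AutoSize
```

Every path reported as `Writable` is a location where a compromised standard-user session could alter files, which makes the output a direct work list for reviewing share and NTFS permissions.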

I hope you find this information beneficial.