Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/hazcod/ransomwhere
A PoC ransomware sample to test out your ransomware response strategy.
malware poc ransomware
Last synced: about 10 hours ago
- Host: GitHub
- URL: https://github.com/hazcod/ransomwhere
- Owner: hazcod
- License: apache-2.0
- Created: 2022-11-24T08:09:06.000Z (almost 2 years ago)
- Default Branch: main
- Last Pushed: 2024-05-13T09:14:00.000Z (6 months ago)
- Last Synced: 2024-06-18T21:46:53.470Z (5 months ago)
- Topics: malware, poc, ransomware
- Language: Go
- Homepage:
- Size: 46.9 KB
- Stars: 197
- Watchers: 3
- Forks: 32
- Open Issues: 5
Metadata Files:
- Readme: README.md
- License: LICENSE.md
- Codeowners: .github/CODEOWNERS
README
# Ransomwhere
A Proof of Concept ransomware sample that encrypts your files to test out your ransomware detection & prevention strategies.
If no arguments are provided, `ransomwhere` will automatically execute the `encrypt` mode without deleting the original files.

I am not responsible for any damage caused by this software.
## Building
```shell
# with make and Go installed
% make build
```
## Usage
```shell
% ransomwhere -h
Usage of ransomwhere:
  -delete
        Delete files after encrypting.
  -log string
        The log level to use. (default "error")
  -mode string
        Encrypt or decrypt the ransomware files. (default "encrypt")
  -path string
        Path to the directory where to traverse files to ransom. (default "/Users/niels")
  -wipe
        Wipe local snapshots while encrypting.
```
## Examples
```shell
# straight from source, encrypt in our home directory
% make FLAGS="-log=warn -delete=false -mode=encrypt"

# from the binary, encrypt /home/ransom/
% ./app -log=warn -delete=false -mode=encrypt -path=/home/ransom/

# encrypt, delete original files and wipe backups like a real ransomware (DANGEROUS)
% ./app -delete=true -wipe=true

# revert the ransom operation and restore any files
% ./app -mode=decrypt
```