There is really no shortcut for testing your network against a ransomware attack. The only way to know how protected you are is to test your defenses against real ransomware. We developed a ransomware simulator that will encrypt data on the network, but in a way that’s under your control, has an off switch, and allows you to decrypt the data as well.
Use this PowerShell script to do exactly what ransomware does, encrypt files. This is the only way to truly know if you are protected.
WARNING: This tool encrypts files. Please use responsibly. If you are unfamiliar with PowerShell DO NOT use this tool.
We have written two PowerShell scripts which act as the ransomware simulator. One script encrypts the data, and the other script decrypts the data using a public/private key pair. We created these as a tool, so that you can test your defenses against actual ransomware. The purpose of the decrypter, is to ensure that your files aren’t permanently destroyed.
- The network drives are enumerated and sorted in descending order.
- The lowest drive letter will be attacked. This gives you the ability to control what shares are affected. In my testing environments, I use the drive letter Z as my ‘attack’ drive.
- All files are discovered. Only files are discovered, folders are excluded.
- Then each file is encrypted with the Public key of our certificate. You will need a certificate for this to work and I’ve included all the necessary steps below.
- After all the files have been encrypted, the script exits.
This is a safe and easy way to test the effectiveness of CryptoStopper™ against a ransomware attack. You must install CryptoStopper™ prior to running TestCryptoStopper.
TestCryptoStopper.exe was developed to give our customers a safe and easy way to test the effectiveness of CryptoStopper™ against a ransomware attack.
TestCryptoStopper.exe allows trial and paid customers to safely mimic a ransomware attack. This removes the need for a secure test environment and it removes the danger of downloading actual ransomware variants. With TestCryptoStopper.exe you’ll get a first-hand look at how quickly CryptoStopper™ stops a ransomware attack.
Run TestCryptoStopper.exe from a workstation computer and safely attack a network share. This is helpful in a few ways. You’ll become familiar with CryptoStopper™ and also what happens when a ransomware attack occurs while confirming that CryptoStopper™ is indeed working.
Steps have been intentionally added to ensure the testing process does not damage network files or allow malicious actors to modify the code to create real ransomware.