- Reads files one at a time from a test folder (c:\users\public\videos\test)
- Encrypts the file contents.
- Writes the file to filename.txt.crypt.
- Deletes the file.
I also ran this ransomware simulator on a VM protected by a dedicated anti-ransomware program, CryptoDrop, but it, too, allowed the deletions. As I am not an experienced white hat hacker, I am sure I am missing something.
I am aware of KnowBe4's RanSim ransomware simulator, but by now it is well known to signature-based antivirus products. I'd like to be able to create a simple, safe, new simulated ransomware program that Webroot will block. It is easy enough to limit its effect to a single specified user folder for safety, but perhaps that prevents it from being detected.
Your ideas are much appreciated!