Ransomware Simulator

Overview

Simulates ransomware behavior for security training and testing. Creates reversible file encryption without causing actual harm.

Features

🛡️ Safety Mechanisms

Automatic Backups: Creates safety backups before any simulation
Safe Mode: Prevents simulation on system-critical files and directories
Emergency Stop: Immediate halt and restoration functionality
Reversible Operations: All simulated encryption can be fully reversed

🎯 Simulation Capabilities

File Encryption: Real encryption (reversible) on target files
Ransom Note Generation: Creates ransom notes
Desktop Changes: Visual changes (Windows)
Configurable Targets: Customizable file types and directories

📊 Reporting & Analytics

Detailed Logging: Complete audit trail of all simulation activities
Simulation State Tracking: Maintains state for restoration
Performance Metrics: Track simulation timing and file counts

🖥️ User Interfaces

GUI Mode: User-friendly graphical interface
CLI Mode: Command-line interface for automation
Configuration Panel: Easy setup and customization

Installation

Clone or download this repository
Install dependencies:
```
pip install -r requirements.txt
```

Usage

GUI Mode (Recommended)

python ransomware_simulator.py --gui

CLI Mode

# Start simulation on a directory
python ransomware_simulator.py --target "C:\Users\YourName\Documents\TestFolder"

# Restore files from last simulation
python ransomware_simulator.py --restore

Configuration

The simulator uses a simulator_config.json file for configuration:

{
  "target_extensions": [".txt", ".doc", ".docx", ".pdf", ".jpg", ".png"],
  "excluded_paths": ["C:\\Windows", "C:\\Program Files", "/System", "/usr"],
  "max_files": 100,
  "simulation_duration": 300,
  "backup_enabled": true,
  "safe_mode": true,
  "ransom_note_template": "Your files have been encrypted! This is a SIMULATION."
}

Safety Features

Protected Directories

The simulator automatically excludes:

System directories (Windows, Program Files, /usr, /bin, etc.)
Critical system files
User-defined excluded paths

Backup System

Creates timestamped backups before simulation
Stores backups in simulation_backups/ directory
Maintains backup integrity for restoration

Emergency Procedures

Emergency Stop: Click the "Emergency Stop" button or press Ctrl+C
Manual Restoration: Run with --restore flag
Backup Recovery: Access backups in simulation_backups/ directory

Use Cases

1. Security Awareness Training

Demonstrate ransomware behavior to employees
Show the impact of file encryption
Educate on prevention strategies

2. Incident Response Testing

Test backup and recovery procedures
Evaluate detection capabilities
Practice incident response workflows

3. Security Assessment

Validate endpoint protection
Test network monitoring
Assess user behavior

File Structure

Ransomware Simulator/
├── ransomware_simulator.py    # Main simulator application
├── requirements.txt           # Python dependencies
├── README.md                 # This documentation
├── simulator_config.json     # Configuration file (auto-generated)
├── simulation_log.txt        # Activity logs
├── simulation_state.json     # Current simulation state
└── simulation_backups/       # Safety backups directory
    └── backup_YYYYMMDD_HHMMSS/

Technical Details

Encryption Method

Uses cryptography.fernet for symmetric encryption
Generates unique keys per simulation session
Stores encrypted files with .SIMULATED extension

Safety Mechanisms

Path validation against system directories
File type filtering
Maximum file count limits
Automatic backup creation

Restoration Process

Loads simulation state from simulation_state.json
Decrypts all affected files using stored key
Restores original file names and locations
Removes simulation artifacts

Notes

🔒 Best Practices

Run in virtual machines when possible
Maintain backups of important data
Test restoration procedures regularly

🚫 Limitations

Windows desktop changes require administrator privileges
Some antivirus software may flag the simulator
Network simulation features are limited
Does not simulate actual malware communication

Troubleshooting

Common Issues

"Permission Denied" Errors

Run as administrator (Windows) or with sudo (Linux/Mac)
Check file permissions on target directories

"No Files Found" Warning

Verify target directory exists and contains supported file types
Check excluded paths configuration
Ensure safe mode isn't blocking all targets

Restoration Failures

Check if simulation_state.json exists
Verify backup directory integrity
Run emergency stop procedure

Support

For issues or questions:

Check the simulation log (simulation_log.txt)
Review configuration settings
Verify file permissions and paths

Version History

v1.0.0: Initial release with core simulation features
GUI and CLI interfaces
Safety mechanisms and backup system
Comprehensive logging and state management

License

Provided as-is for security training and testing. Users are responsible for compliance with applicable laws.

Name		Name	Last commit message	Last commit date
Latest commit History 2 Commits
SimulationTest		SimulationTest
.gitignore		.gitignore
README.md		README.md
decrypt_files.py		decrypt_files.py
ransomware_simulator.py		ransomware_simulator.py
requirements.txt		requirements.txt
run_simulator.bat		run_simulator.bat
setup_test_environment.py		setup_test_environment.py

Elyes-2/Ransomware-Simulator

Folders and files

Latest commit

History

Repository files navigation