This GitHub PowerShell based ransomware script intrigued me, so I set about testing with it myself.

I first only downloaded the script itself. It was sent to LiveGrid which detected nothing. The reason for the non-detection will become obvious in the following.

Next, I modified the script to use a test sub-directory in My Documents as follows to make it a bit more realistic:

```
$TargetPath = "$Env:USERPROFILE\Documents\Test"
```

I then ran the script and received PowerShell alerts on every file it tried to encrypt although the last message from the script was that 6 files in the test sub-directory were encrypted. Upon inspection, the files were not encrypted.

I then downloaded the entire zipped source from GitHub and saw what the issue was. The author stored his encryption code in a PowerShell script module file.

Again I ran the PowerShell script from the RanSim-main folder after establishing it as the active directory and it then successfully encrypted files in my folder:

```
C:\Users\xxxxxx\Downloads\RanSim-main\RanSim-main>powershell.exe -command C:\Users\xxxxxxx\Downloads\RanSim-main\RanSim-main\ransim.ps1 -mode encrypt

While scripts from the internet can be useful, this script can potentially harm your computer.
If you trust this script, use the Unblock-File cmdlet to allow the script to run without this warning message.
Do you want to run C:\Users\xxxxxxx\Downloads\RanSim-main\RanSim-main\FileCryptography.psm1?
Do not run Run once Suspend Help (default is "D"): R
Encrypting C:\Users\xxxxxx\Documents\Test\Bootsect on Windows.docx
Directory: C:\Users\xxxxxxx\Documents\Test
a- 3:41 PM 13924 Bootsect on
Encrypting C:\Users\xxxxxxx\Documents\Test\Eset_Trusted_Zone_Addresses.txt
a- 3:41 PM 84 Eset_Trusted_Zone_
Encrypting C:\Users\xxxxxxx\Documents\Test\MBRWizard.txt
a- 3:41 PM 980 Notes_
Encrypting C:\Users\xxxxxxx\Documents\Test\Win10_Bootsect_Utility.txt
a- 3:41 PM 1268 Win10_Bootsect_
Encrypting C:\Users\xxxxxxx\Documents\Test\Winobj_Physical_Drive_Spec.txt
```

That text doesn't originate from the GitHub PowerShell script or associated script module.