Ransomulator is a ransom simulator for BloodHound database. It can be used to measure a network resilience for ransomare infections, and identify "weak links" in the network.
Read more here.
For each computer node, Ransomulator will try to propagate to other computers through infection waves. Propagation to other computers is possible when there is a logical path between them, and there is also a network path. Network access is assumed to exist in the database, and should be represented with "Open" edges in the data.
Ransomulator will generate for each computer, a wave map, showing how many hosts will be compromised by each infection wave. This information can also be exported to csv.
- Integrate network data to your BloodHound database (or start with a simulated one)
- Run ransomulator:
python ransomulator.py -p <dbpass>