For educational purposes only, samples of ransomware/wiper trojans including screenshots/ransom-notes.

An Archive of Ransomware Notes Past and Present Collected by Zscaler ThreatLabz

information about ransomware groups (Ransomware Analysis Notes)

Notes about reverse engineering the Petya2017 ransomware

Introducing the Ransomware Builder – an educational tool with a sleek, modern GUI that makes it easy for anyone to create their own ransomware. Perfect for learning and awareness, our user-friendly interface guides you through each step, from customizing ransom notes to encrypting files, all with just a few clicks.

All about ransomware notes and extension files.

Training and testing pipeline for ransomware classification based on screenshots of the splash screens or ransom notes (https://arxiv.org/pdf/1908.06750.pdf).

Notes of ransomware families

My notes on I repair the CryptoLocker Ransomware incident

This educational ransomware project encrypts target files and generates ransom notes. It supports cross-platform operation and custom configuration. Ideal for learning about ransomware mechanics and encryption techniques.

Behavior-based ransomware detection using Sysmon Event ID 1 (ProcessCreate). Captured early-stage ransomware activity including shadow copy deletion and hidden PowerShell execution. Includes detection notes, MITRE mappings, and screenshots of malicious process behavior.

Technical notes and explanation about computer viruses and modern malware, including boot sector, file, macro, memory-resident viruses, worms, adware, spyware, ransomware, trojans, and botnets. Part of my certification in Fundamentals of Programming and Software Engineering at Platzi.

Ransomware extensions and notes

A collection of ransomware notes left by their authors

Structured incident response playbooks and practical SOC preparation notes focused on ransomware, phishing, and operational cyber risk management.

This project implements an MCP (Model Context Protocol) server that integrates with the [Ransomware.live Pro API](https://api-pro.ransomware.live). It exposes various API endpoints as MCP tools, allowing clients to query ransomware-related data such as groups, victims, sectors, statistics, and ransom notes.

A safe, non-destructive ransomware simulator designed for cybersecurity learning. Demonstrates encryption behavior, ransom notes, and attacker interaction without modifying real files.

Educational ransomware simulation that encrypts files with .vty extension and creates ransom notes (README_VTY.txt). Includes both ENCRYPTOR and DECRYPTOR for learning purposes.

ython tool detecting ransomware pre-execution via entropy analysis (identifies encryption), PE file inspection (finds suspicious headers/imports), and content scanning (ransom notes/crypto wallets).

❗Important Notes This is not ransomware and does not auto-delete files. Encryption is fully reversible with the same password. Always test on a sample folder first.

This script helps detect Akira ransomware infections and suspicious activities on a system. It searches for encrypted files, recent suspicious executables, ransom notes, suspicious PowerShell logs, and potentially malicious scheduled tasks.

Two-part offensive/defensive security project. Part A simulates ransomware behavior (entropy injection, file encryption, ransom notes). Part B detects it in real time using behavioral heuristics, kills the process, and rolls back all changes. Live dashboard, YARA integration, 50 tests.

Comprehensive repository for Great Learning's Cyber Security Threats course. Includes structured notes, hands-on labs, threat intelligence reports, case studies, resources, and certificate of completion. Designed to help learners understand and defend against malware, phishing, ransomware, DDoS, insider threats, and APTs.