Implementing Hash-Based Whitelisting for Ransomware simulation

Implementing Hash-Based Whitelisting for Ransomware simulation

We can have hash-based whitelisting to allow specific executable files to be downloaded and executed. This method ensures that only files with specified hash values are permitted, providing a more granular control over which executables can run. Here's how you can do it:

  1. Create a Group Policy:

    • Open Group Policy Editor (gpedit.msc).
    • Navigate to: Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Software Restriction Policies.

  2. Configure Software Restriction Policies:

    • Right-click on Software Restriction Policies and select New Software Restriction Policies.
    • Right-click on Additional Rules and select New Hash Rule.

  3. Add Hash Rules:

    • Enter the hash value of the executable file you want to whitelist.
    • Choose the security level (e.g., Allow) for the hash rule.

  4. Apply Changes:

    • Save the policy settings.

After applying these settings, only the executable files with hash values matching the specified rules will be allowed to execute. Any attempts to run executables not included in the whitelist will be blocked.


    • Related Articles

    • How to create Ransomware Template in TSAT?

      Please follow the below steps to create a Ransomware Template Step 1 : Click on Campaign Templates" on left side menu and then click on "Create New" as shown in the below screenshot. Step 2 : Input the below details in the opened form after clicking ...

    • How do you do simulation for cyber scam, ransomware, smishing and vishing?

      For cyber scam, we send a phishing email that redirects the targets to a payment page. In ransomware, we share an exe file, which shuts down the entire system when downloaded. In SMiShing, we send a malicious link via SMS through SMS gateways. In ...

    • How many types of cyber attacks do you simulate?

      We simulate 6 types of cyber attacks i.e. Phishing (Malicious link in the email), Ransomware (malicious attachment in email), Smishing (Malicious link via sms), Vishing (Extracting personal data through a phone call), WhatsApp (Through a message on ...

    • What is Ransomware?

      Ransomware is a type of malware from cryptovirology that threatens to publish the victim's data or perpetually blocks access to it unless a ransom is paid. While some simple ransomware may lock the system so that it is not difficult for a ...

    • Creating a Phishing Simulation Rule in the O365 Admin Center

      In order to whitelist Threatcop into your O365 environment you need to follow the below mentioned steps: Go to https://www.microsoft365.com/ Locate the square with dots positioned at the upper-left corner. Proceed to access the Security section ...