public/subjects/cybersecurity/malware/audit/README.md

#### General

Knowledge-Check:
Ask the students for explain how the ransomware work and the impact of it.

###### Is the student able to explain clearly what ransomware means?

###### Is the student able to explain clearly how he can bypass the Anti-Viruses?

###### Is the student able to explain clearly how his ransomware works?

###### Is the student able to explain clearly how his decrypting program works?

##### Check the Repo content

Files that must be inside your repository:

- Your program source code.
- a README.md file, Which clearly explains how to use the program.

###### Does the required files present?

##### Evaluate the student's submission

Create an official Windows virtual machine.
Scan the student ransomware in windows defender.

###### Does the program bypass the windows defender without any detection?

Scan the student ransomware in [virustotal](https://www.virustotal.com/).

###### Does the program bypass more than 80% of Security vendors in [virustotal](https://www.virustotal.com/)?

Create some files with random data in the machine and run the program.

###### Does the program change all files in the machine with the student extension(encrypt)?

###### Does the program add a text file with contact info and the encryption code (to recover the data)?

Imagine that they are your files and try to decrypt them without the help of the student.

###### They are no way to decrtpy the files?

Ask the student to create a decryption program by using the encryption code.
Run the decryption program.

###### Do the files restore with their data?

###### Does the decryption program is usage unique for each victim?