Ransim is a ransomware simulator for Windows that simulates attacks of ten ransomware families against the computer system.
Ransomware is without doubt a relatively new threat category that has gained some prominence in recent time.
Security companies have added ransomware protection to their tools as a response, or released standalone programs with the aim to block ransomware from encrypting files on a computer system.
It is difficult for most users to determine how well anti-ransomware programs protect their systems against ransomware threats. RanSim has been designed to simulate attacks on a computer system to find out if it is protected against ten common ransomware attacks.
You are asked to fill out information on the developer website before download options are provided. I suggest you download the program from Major Geeks or another third-party download repository instead.
The program makers suggest that you keep your security software configured as is to simulate a real-world attack scenario. This may be problematic however in some cases. The new Malwarebytes Premium for instance blocked the execution of RanSim on target systems.
RanSim’s interface is easy to use. It offers information on the ransomware test scenarios, and a single button that you may click on to start the test.
The test should not take longer than a minute to complete. The program will download test files from the Internet, but won’t harm any files on the local system. It will enumerate the files though and display information on the vulnerability of these files.
It tests the following ransomware scenarios:
- InsideCryptor — encrypts files using strong encryption and overwrites most of the content of the original files with the encrypted data.
- LockyVariant — simulates the behavior of a recent version of Locky ransomware.
- Mover — Encrypts files in a different folder using strong encryption and safely deletes the original files.
- Replacer — Replaces the content of the original files. A real ransomware would show a message that fools users into thinking they can recover them.
- Streamer — Encrypts files and writes data into a single file, using strong encryption, then deletes the original files.
- StrongCryptor — Encrypts files using strong encryption and safely deletes the original files.
- StrongCryptorFast — Encrypts files using strong encryption and deletes the original files.
- StrongCrytptorNet — Encrypts files using strong encryption and deletes the original files. It also simulates sending the encryption key to a server using an HTTP connection.
- ThorVariant — Simulates the behavior of a recent version of Thor ransomware.
- WeakCryptor — Encrypts files using weak encryption and deletes the original files.
RanSim lists the number of successful and unsuccessful attacks during the test.
Select anti-ransomware software won’t block RanSim from execution. This is for instance the case for RansomFree which creates its own dummy files that it monitors. Other security software may block the execution of the application.
Working as a cyber security solutions architect, Alisa focuses on application and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.