Ransomware is arguably the No. 1 cyber threat at the moment and will most likely remain in that position for the foreseeable future. In 2016, ransomware cost individuals and businesses over $1 billion and was the fastest-growing cyber threat. Security companies have been working around the clock to up their game against ransomware, either adding new features to their security products or developing standalone tools just to block ransomware.
On top of that, knowing how well your computer is prepared to block new and evolving ransomware also plays a major role in a world full of cyber threats.
Aware of this issue, KnowBe4, a US-based security training company, developed a free tool called RanSim that simulates ten ransomware infection scenarios and shows you whether a Windows PC is vulnerable to infection.
How RanSim works
According to their website, RanSim offers:
- 100% harmless simulation of a real ransomware infection
- Does not use or alter any of your own files
- Tests 10 types of infection scenarios
- Portable, simply download and run
- Results in a few minutes
RanSim’s user interface is simple enough: information about the ten testing scenarios and a single button to start the test. The test takes about 1 or 2 minutes to finish and shows the results as it goes.
Here are the 10 test scenarios RanSim simulates:
- InsideCryptor – Encrypts files using strong encryption and overwrites most of the content of the original files with the encrypted data.
- LockyVariant – Simulates the behavior of a recent version of Locky ransomware.
- Mover – Encrypts files in a different folder using strong encryption and safely deletes the original files.
- Replacer – Replaces the content of the original files. A real ransomware would show a message that fools users into thinking they can recover them.
- Streamer – Encrypts files and writes data into a single file, using strong encryption, then deletes the original files.
- StrongCryptor – Encrypts files using strong encryption and safely deletes the original files.
- StrongCryptorFast – Encrypts files using strong encryption and deletes the original files.
- StrongCryptorNet – Encrypts files using strong encryption and deletes the original files. It also simulates sending the encryption key to a server using an HTTP connection.
- ThorVariant – Simulates the behavior of a recent version of Thor ransomware.
- WeakCryptor – Encrypts files using weak encryption and deletes the original files.
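The file-level effects in the scenario list above (in-place overwrite, delete and write elsewhere, content replacement) are what a behavioural detector can look for. The following check over before/after snapshots of a test folder is an added example, not RanSim's or any vendor's code; the function names, the 7.0 bits-per-byte threshold and the sample data are assumptions made for illustration.

```python
import hashlib
import math
from collections import Counter

HIGH_ENTROPY = 7.0  # bits per byte; assumed threshold (encrypted data sits near 8.0)

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 0.0 for empty input."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def fake_ciphertext(seed: bytes, size: int = 4096) -> bytes:
    """Constructed stand-in for encrypted output: deterministic pseudo-random bytes."""
    blocks = (hashlib.sha256(seed + i.to_bytes(4, "big")).digest() for i in range(size // 32 + 1))
    return b"".join(blocks)[:size]

def classify(before: dict, after: dict) -> dict:
    """Label suspicious changes between two {path: bytes} snapshots of a test folder."""
    findings = {}
    # New files that look encrypted; their presence makes deletions suspicious.
    new_blobs = [p for p in after if p not in before and entropy(after[p]) >= HIGH_ENTROPY]
    for path, old in before.items():
        new = after.get(path)
        if new is None:
            if new_blobs:
                findings[path] = "deleted-with-new-encrypted-output"
        elif new != old:
            if entropy(old) < HIGH_ENTROPY <= entropy(new):
                findings[path] = "overwritten-with-encrypted-data"
            else:
                findings[path] = "content-replaced"
    return findings

# Constructed sample snapshots (not real user data).
TEXT = b"Quarterly report draft, revision 3\n" * 120
BEFORE = {f"docs/{n}.txt": TEXT for n in "abcd"}
AFTER = {
    "docs/a.txt": fake_ciphertext(b"a"),          # overwritten in place
    "docs/b.txt": b"placeholder content\n" * 50,  # content swapped out
    "out/c.bin": fake_ciphertext(b"c"),           # docs/c.txt gone, encrypted copy elsewhere
    "docs/d.txt": TEXT,                           # untouched
}

if __name__ == "__main__":
    for path, label in sorted(classify(BEFORE, AFTER).items()):
        print(f"{path}: {label}")
```

A deletion is flagged only when high-entropy files appear in the same snapshot, so output that is not high-entropy can slip past this check.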
It failed miserably without a single success. I believe it’s mainly because of the way it prevents ransomware.
The result is better: it passed six tests out of 10 and failed the following ones:
Kaspersky AntiRansomware did pick up RanSim as a threat in general and quarantined it right away. I had to put RanSim in the trust list to complete the test.
Sophos Intercept X
Sophos Intercept X is a paid anti-ransomware product that Sophos released in late 2016. It works with Sophos' cloud-based endpoint security product and has a sophisticated solution built in that not only catches the ransomware but also provides in-depth analysis data showing you how and what data are affected. It also performs the best with RanSim, passing eight tests with only the following two failed.
I did get the notification right after RanSim started, with a visualized analysis like the one below. Quite impressive.
RanSim provides some useful information about how your computer stands in a ransom-apocalypse. If you still don’t have any protection, it’s time to consider it. If you are in a business environment, Sophos Intercept X will put you in a better position when ransomware comes knocking at your door. Or, check our coverage to pick one of them.
As always, it’s recommended to have a reliable backup of all your files, as well as to take the usual precautions you always need whenever you go on the internet. Lastly, if you or your organization have had your data locked up, it’s worth checking the possibilities of recovering the data by visiting the newly created online portal, No More Ransom.