KnowBe4’s Ransomware Simulator "RanSim"

[vinylmeister]

A few weeks ago KnowBe4 launches industry’s first ransomware simulator called "RanSim". Did you heard of it and what are your thoughts on a tool like this? Have you tested it or will you give it a try?

Read more on the official pages..

Press release:
KnowBe4 Launches Industry’s First Ransomware Simulator

Product page & download:
Ransomware Simulator | KnowBe4

 

[Jashin]

so its harmless?

 

[Venhiem]

If you want to try it out but too lazy to fill out the business form with random junk, here's the download link.

 

[Jashin]

If you want to try it out but too lazy to fill out the business form with random junk, here's the download link.

THE GOD
Thank you master.

 

[HarborFront]

Hot discussions now at Wilders Security Forums and SpiceWorks Community

RanSim Ransomware Simulator test and discussion thread

"RanSim"... A Ransomware Simulator ...


I tried it and the result is

8/10 - G Data AV 2017 failed both Streamer and InsideCryptor

9/10 - HMPA failed Streamer only

0/10 - RansomFree failed ALL!!

0/10 - BD AntiRansomware Tool Free failed ALL!!

7/10 - Kaspersky Anti-Ransomware Tool for Business failed for Streamer, StrongCryptoNet and WeakCryptor

10/10 - CFW's HIPs alerted me of the 10 ransomwares. Can consider blocked if I block them

10/10 - AppCheck AntiRansom Free passed ALL!!

0/10 - ThreatFire 4.7 failed ALL!! (Tested by others)


From the above discussions it also seems Avast in 'Hardened Mode' and KIS passed ALL the 10 tests!


There's another free anti-ransomware defense testing tool by WatchPoint. You can read and download here

Tip of the Week – A Free Tool For Testing Anti-Ransomware Defenses

 

[erreale]

Hi everyone, I have tested Emsisoft IS and Malwarebytes 3.0. Emsi exceeded the test with 10/10.
By malwarebytes no allert.

 

[Andytay70]

Zemana AL didnt even pick this up! comodo sandbox and Avast did.

 

[HarborFront]

Zemana AL didnt even pick this up! comodo sandbox and Avast did.

Yup, you are right

However, ZAL did pick up when I tried to install the RanSim. I need to exit ZAL in order to get it installed.

 

[Xtwillight]

Hi everyone, I have tested Emsisoft IS and Malwarebytes 3.0. Emsi exceeded the test with 10/10.
By malwarebytes no allert.

The Video Test

 

[HarborFront]

Ok, test results updated. Tested with Ransim v1.0.2.2

8/10 - G Data AV 2017 failed both Streamer and InsideCryptor

9/10 - HMPA failed Streamer only

0/10 - RansomFree failed ALL!!

0/10 - BD AntiRansomware Tool Free failed ALL!!

7/10 - Kaspersky Anti-Ransomware Tool for Business failed for Streamer, StrongCryptoNet and WeakCryptor

10/10 - CFW's HIPs alerted me of the 10 ransomwares. Can consider blocked if I block them

10/10 - AppCheck AntiRansom Free passed ALL!!

0/10 - ThreatFire 4.7 failed ALL!! (Tested by @Av Gurus)

10/10 - VoodooShield (Tested by @XxX Legolas XxX)

10/10 - EAM (Tested by @Fabian Wosar)

10/10 - EIS (Tested by @Xtwillight)

10/10 - Vipre Business (Tested by @In2an3_PpG)

10/10 - NoVirusThanks EXE Radar Pro (Tested by @Davidov)

10/10 - Norton Security/MBAM (Tested at Wilders Security Forums) RanSim Ransomware Simulator test and discussion thread


I believe as time goes by more antiransom software will pass the test. And RanSim, hopefully, will come out with a new release and there goes another round of tests again

 

[HarborFront]

RanSim v1.0.2.4 already out. I just downloaded it.

Game for another round of tests?

 

[Davidov]

10/10 NoVirusThanks EXE Radar Pro

http://www.jpeg.cz/images/2016/12/30/8SnDm.jpg

 

[HarborFront]

Ok, tested with RanSim v1.0.2.4

10/10 - HMPA passed ALL the tests

 

[mecanicogolf]

Yes. Malwarebytes picked them all up with no problem, Though I think that´s good, they are still claiming that you need no AV with this either. What this program DOES fail is the EICAR test!

 

[Captain Awesome]

Can anyone test with Avast?

 

[XhenEd]

Can anyone test with Avast?

From HarborFront's post:
"From the above discussions it also seems Avast in 'Hardened Mode' and KIS passed ALL the 10 tests!"

 

[silversurfer]

Can anyone test with Avast?

Avast Free: 10/10 testing was done at 30/12/2016 - Here are some screenshots:

https://malwaretips.com/attachments/block-hardenedmode-png.129198/
https://malwaretips.com/attachments/viruschest-png.129204/
https://malwaretips.com/attachments/result-1-png.129205/

 

[Chris Hartwig]

notice that Zepto is not one of the test variants being used by RanSim, Zepto goes straight after network shares and only CryptoStopper Server from WatchPoint could protect you from that.

The way ransim works...and I use "works" loosely is that it creates a folder with dummy data and then launches a series of attacks against that honey pot folder. In my testing only 1 test actually ran and I've done some digging around on spiceworks and found other users have reported the same results.

If you want a ransomware tester...check out WatchPoint's powershell simulator. It's the real deal.

Tip of the Week – A Free Tool For Testing Anti-Ransomware Defenses

 

[Crypto]

This is a very interesting application.

 

[Korea]

ESET developer's answer.

It's an innocuous application that doesn't tell anything about detection and protection capabilities of ESET products. They test behavior blocking without distinguishing between malicious and benign applications. However, ESET does not only monitor the system and processes for suspicious behavior, it also scans memory for malware-like code. This also enables ESET not to warn about benign applications. Needless to say that there are many ways how the encryption works so the simulator may theoretically help malware authors to avoid techniques used by the simulator.

In a nutshell, programs that pass the simulator tests may be more prone to encryption by ransomware than ESET.

Just ran RanSim = Detection failed