Ransomware Response Simulation
Contain and recover from a ransomware attack
- File Server 01 (Server - Windows Server 2019): Infected. Files: 342, Encrypted: 342
- Workstation 15 (Desktop - Windows 10): Infected. Files: 156, Encrypted: 156
- Workstation 23 (Desktop - Windows 10): Infected. Files: 89, Encrypted: 89
- Database Server 02 (Server - Linux Ubuntu 20.04): At Risk. Files: 215, Encrypted: 0
- Mail Server (Server - Linux Ubuntu 20.04): At Risk. Files: 178, Encrypted: 0
Network Status
Systems Isolated: 0 / 5
Network Segments Affected: 2 / 5
External Communications: Active (Malicious)
Tasks Completed: 0/5
Step 1 of 5: Introduction
Welcome to the Ransomware Response Scenario
In this simulation, you will learn how to respond to a ransomware attack. Your organization has been hit by ransomware that has encrypted files on multiple systems. Your task is to contain the incident, identify the ransomware, recover the systems, and document the incident.
Getting Started:
- Click "Start Simulation" to begin
- First, isolate all infected systems to prevent further spread
- Analyze the ransomware to identify its characteristics
- Restore systems from clean backups
- Document the incident and implement lessons learned
Scenario Details
Difficulty: Intermediate
Estimated Time: 45-60 minutes
Category: Incident Response
Skills: Containment, Recovery, Analysis
Tasks
- Isolate infected systems
- Identify the ransomware variant
- Restore from clean backups
- Patch vulnerabilities
- Document the incident
Learning Objectives
- Understand ransomware attack patterns
- Implement effective containment strategies
- Restore systems from clean backups
- Identify and patch security vulnerabilities
- Document incidents and implement lessons learned