Ransim is a ransomware simulator for Windows that simulates attacks of ten ransomware families against the computer system.

Ransomware is without doubt a relatively new threat category that has gained some prominence in recent time.

Security companies have added ransomware protection to their tools as a response, or released standalone programs with the aim to block ransomware from encrypting files on a computer system.

It is difficult for most users to determine how well anti-ransomware programs protect their systems against ransomware threats. RanSim has been designed to simulate attacks on a computer system to find out if it is protected against ten common ransomware attacks.


You are asked to fill out information on the developer website before download options are provided. I suggest you download the program from Major Geeks or another third-party download repository instead.

The program makers suggest that you keep your security software configured as is to simulate a real-world attack scenario. This may be problematic however in some cases. The new Malwarebytes Premium for instance blocked the execution of RanSim on target systems.

RanSim’s interface is easy to use. It offers information on the ransomware test scenarios, and a single button that you may click on to start the test.

The test should not take longer than a minute to complete. The program will download test files from the Internet, but won’t harm any files on the local system. It will enumerate the files though and display information on the vulnerability of these files.

It tests the following ransomware scenarios:

  1. InsideCryptor — encrypts files using strong encryption and overwrites most of the content of the original files with the encrypted data.
  2. LockyVariant — simulates the behavior of a recent version of Locky ransomware.
  3. Mover — Encrypts files in a different folder using strong encryption and safely deletes the original files.
  4. Replacer — Replaces the content of the original files. A real ransomware would show a message that fools users into thinking they can recover them.
  5. Streamer — Encrypts files and writes data into a single file, using strong encryption, then deletes the original files.
  6. StrongCryptor — Encrypts files using strong encryption and safely deletes the original files.
  7. StrongCryptorFast — Encrypts files using strong encryption and deletes the original files.
  8. StrongCrytptorNet — Encrypts files using strong encryption and deletes the original files. It also simulates sending the encryption key to a server using an HTTP connection.
  9. ThorVariant — Simulates the behavior of a recent version of Thor ransomware.
  10. WeakCryptor — Encrypts files using weak encryption and deletes the original files.
READ  Defending Your Bitcoins – Every little thing You Must Know

RanSim lists the number of successful and unsuccessful attacks during the test.

Closing Words

Select anti-ransomware software won’t block RanSim from execution. This is for instance the case for RansomFree which creates its own dummy files that it monitors. Other security software may block the execution of the application.

This makes the program unusable on those machines. Still, it if works, it may be an eye opener if the anti-ransomware protection does not protect against the simulated attacks.

Now You: Best protection against ransomware?

About Martin Brinkmann

Martin Brinkmann is a journalist from Germany who founded Ghacks Technology News Back in 2005. He is passionate about all things tech and knows the Internet and computers like the back of his hand.You can follow Martin on Facebook, Twitter or Google+