How to test the efficiency of ransomware protection?

The purpose of installing an antivirus or security program on your computer is to secure your stored data from security threats, but how can we make sure that it does its job as intended? The program here is not like a surveillance camera that we wave in the face of its lens to see whether it is working or not. Rather, it must be exposed to different types of “fake” viruses to see how it interacts with them and thus evaluate its efficiency. It is somewhat similar to “Corona vaccines”, whose components are the genetic code of the virus, to prompt the immune system to respond as much as possible.

And because ransomware is the most prevalent and sophisticated nowadays, it is important to rest assured that your data is well secured against this type of security threat so that if you rely on security software as a main shield to protect this data, its ability to confront ransomware should be tested in various ways. their forms. how? It's very simple thanks to a great tool called "RanSim". Let's show how to use it.

ransomware protection

RanSim is completely free and its simple idea is to simulate more than 20 ransomware attacks on your computer and then monitor the behavior of the installed antivirus and analyze the level of security it provides to your data. Of course, the program will not use real or malicious ransomware, and certainly will not change or damage any files on your device in any way because the simulation here depends on a special environment created by the tool itself.

RanSim uses various techniques to simulate as closely as possible the real ransomware such as file overwriting, copying, encrypting, deleting etc., but also simulating ransomware that eats up computer resources for mining so that it tests the response of the security software against various forms of these viruses.

The tool is very reliable and poses no risk of any kind, RanSim is developed by KnowBe4 which is a well-known company that aims to provide security awareness to help manage IT security issues of social engineering, phishing and ransomware attacks. The company is also headed by one of the biggest hackers in the world: Kevin Mitnick so it's definitely a tool to try!


To download the tool, all you have to do is go to the official website of RanSim and then fill out the application to download the tool by entering the required data in the “I want my RanSim download” section, and then the download link will be displayed, or you can click on this direct link to download the tool on immediately. After running the "" file, it will ask you to type the password to secure the boot files, then type "knowbe4" and press "Launch" to start installing the tool.

After installing the tool, you will notice that a folder named "KB4" appears in your Windows partition, which is usually (C:). This folder serves as the simulation environment that RanSim uses to run tests. It contains software that simulates ransomware and files that mimic user files that will be encrypted or destroyed by various means. Knowing that the tool allows you to add any real files to the test environment in case you want to See for yourself what real ransomware can do to your data if they attack your computer.

Now all you have to do is launch the tool and then click on the “Check Now” button to start testing the various scenarios shown in front of you under the “Scenarios” menu where the tool lists the description of each scenario and what it does exactly. So far, RanSim simulates 23 ransomware viruses and the list is constantly updated every once in a while. 


After pressing the "Check Now" button, RanSim will run 23 separate scenarios to simulate different types and methods of ransomware, and two additional scenarios will be run to test the security software's seriousness in distinguishing between security threats and normal, potentially threatening operations. The test takes about a minute and maybe more, depending on the speed and specifications of the device, and after each scenario is completed, it is clarified whether the security program succeeded in addressing it or not.


After the end of the entire test, the results will be presented in an organized and concise manner, as shown in the attached image. You can easily find out the number of scenarios out of 23 that the antivirus failed to deal with under the "VULNERABLE" section. The number of scenarios that the program has proven to be able to address will appear in the "NOT VULNERABLE" section, and therefore if your device is exposed to ransomware simulated in those scenarios, your data will not be affected in any way.

For the "INCORRECTLY BLOCKED" part, it must be 0/2 as this confirms that the test is correct and that all scenarios have been fairly validated and therefore the final result shown to you can be trusted. But if it is 1/2 or 2/2, this loses the credibility of the final result because the protection program was not able to differentiate between the processes that pose a risk to data and the ones that do not cause damage, and therefore it blocked all the processes running by the RanSim tool.

Note in the test result there is a graph showing the number of files that would have been at risk if an actual ransomware attack had taken place on your device. As shown in our tests, there are more than 1,600 files at risk even with an antivirus.

As mentioned above, RanSim allows you to add real files of your choice to the testing environment to see how ransomware affects them. If you want to experiment, click on the "Click Here" button above and drag the files to the Open window that appears in front of you. Then click on the "Check Now" button to take the test again.


Of course, the results of the RanSim tool will differ from one device to another depending on the security program used. In our test for the purpose of this explanation, we relied on the pre-installed Windows Security program on Windows 11, and the result was expected compared to more advanced programs in the field of antivirus such as Avast, Avira and Acronis.

However, we don't claim that Windows Security is too bad but still reliable as it contains a feature designed specifically for ransomware called Controlled Folder Access which we explained before how to activate and use it. When we enable the feature to secure a small set of files that are used in RanSim tests, it has been shown to be effective against ransomware scenarios that specifically target these files.

Overall, RanSim is very useful for giving you an idea of ​​the security software's ability so you can take steps to improve your device's security level to secure your files and reduce the risk of your device falling victim to a ransomware attack.


Font Size
lines height