4/5 – Setting up a ransomware attack simulation (harmless) – LUCY Server.

Set up and run different types of malware attack simulations with LUCY: In a set of screencasts we show you how you can execute vulnerability scans, ransomware simulations, remote console posts and many more!
Template based malware attack simulations: We created a series of screencasts in which we quickly show how you can customize a vulnerability scan or a malware attack simulation using a predefined template. Let’s have a look at these 5 videos:
  1. Setting up a malware testing toolkit simulation.
  2. Executing a malware simulation with LUCY. A harmless vulnerability scan is run.
  3. Which types of malware simulation templates are available in LUCY?
  4. This article: Setting up a ransomware attack simulation (harmless).
  5. How the simulations are reported: An example of a vulnerability scan report.

All screencasts can be seen here: Create and run malware simulations

This video shows how you set up one variant of the malware simulation toolkit: The tutorial shows how to run a ransomware attack simulation using the LUCY Malware Simulation Toolkit Version 3.0. You can configure whether real data is to be used or whether the ransomware simulation should use dummy data. The simulation is absolutely harmless. You can also use it for checking your security systems, e.g. whether your installed monitoring software can detect a possible ransomware attack. Detailed information is available at our Support Wiki (Technical Malware Test).
A speciality of the technical Testing Toolkit is the possibility to run a simulated, harmless ransomware attack. The steps described in the video are:
  1. Your LUCY Server is running and you are using the LUCY GUI in your browser.
  2. Create a new campaign. Name it, select the client, choose ‘Expert mode’ and save the new campaign.
  3. Add a scenario: Select the ‘technical malware test’ template using the ‘use’ button, select e.g. ‘English’.
  4. Name the scenario, configure the base settings like the sender domain name (it can stay as the local IP if you only use it to fetch the file yourself), set the filename and the compression format (zip). Ransomware scenarios need a file for download, so it’s always a file based attack scenario. Save the scenario.
  5. Go to the landing page of the scenario and configure the behaviour of the ransomware simulation: Choose the template ‘Malware Testing Toolkit’ and select the value ‘ransomware’ in the ‘Configuration’ dropdown menu. Customize the ransomware simulation or keep everything at its default and save the configuration you made. The most important variable is the ‘operation mode’ variable: With the value ‘1’, the encryption uses dummy data, so no client data is touched by the ransomware simulation on the client computer.
  6. Edit the message template of the scenario, add sender information and push the save button. There’s no need to configure other parameters for the ransomware simulation, because you already did that on the landing page. Choose n/a in the ‘Template’ field. Save the settings.
  7. If a warning is displayed while you save the message template you need to push the save button again.
  8. Press the “Play” button |> to get to the Dashboard.
  9. Add recipients to the campaign by adding an address group. Link the scenario created before to the address group using the ‘Scenarios’ check box and save it.
  10. Start the campaign using the play button |> and select real attack.
  11. Wait until the preliminary campaign checks are finished, correct warnings or errors if necessary. Warnings are highlighted in yellow, errors are highlighted in red. If you click on the highlighted text areas, you’ll always get useful tips on how to fix the issues.
  12. Hit the start (anyway) button again, if needed.
  13. The campaign starts and the mails are sent to the recipients.
  14. As a recipient, go to your inbox.
  15. As a recipient, click on the link in the mail you got. You are directed to the landing page containing the link for the ransomware simulation file.
  16. As a recipient, download, extract and double-click/run the ransomware simulation file.
  17. Now you should see the GUI of the ransomware simulator.
  18. You can check the settings of the ransomware simulation in the ‘Templates’ tab.
  19. Start the simulated ransomware attack with the ‘run’ button and wait until the simulation has finished.
  20. When you push the ‘send’ button: The data is sent back to the LUCY server and saved on the server for analysis by the system administrator.
  21. When you push the ‘save’ button: A report is generated and stored locally on your computer; it can be viewed with a regular web browser. After saving you can look into the report and check whether and how the ransomware simulation worked!
