I will test if your defenses can stop ransomware

Would your company survive a ransomware attack tomorrow?

I emulate real ransomware TTPs on a machine you provide, targeting only agreed files. Goal: test if your EDR stops the attack and if your Blue Team detects it.

Ransomware groups available:

LockBit 2.0, REvil, Maze, Conti, BlackCat/ALPHV, Black Basta, Royal, Clop, Ryuk, DarkSide, Hive, Akira, Play, Medusa

How it works:

• You provide a test machine with your security stack
• We agree on target files/folders for encryption
• I execute real ransomware (LockBit, REvil, Maze)
• We measure: Was I stopped? When? By what?

What I execute:

• Payload delivery & execution
• Defense evasion techniques
• File enumeration
• Data exfiltration to controlled C2
• Encryption attempt on agreed files
• All mapped to MITRE ATT&CK

What you'll know:

• Does your EDR actually stop ransomware?
• At which stage did detection trigger (if any)?
• Did your Blue Team notice before encryption started?
• What visibility gaps exist?

You receive:

• Full attack timeline with MITRE mapping
• Detection vs. execution comparison
• Gaps identified + remediation priorities
• Executive summary

Controlled & safe:

• Only agreed files/folders are targeted
• Coordinated