Questions to consider when testing the ability of a security solution to detect ransomware:
At what point is the ransomware detected? (pre-execution or post-execution)
What kind of damage was the ransomware able to inflict before it was detected?
To evaluate the impact of a file encryptor ransomware sample, a realistic file system (preferably with a large volume of files in every directory) is required before starting the testing phase.
For example, the file system could include a documents folder, a pictures folder, and so on (files can be duplicated and renamed for the purpose).
This will facilitate the evaluation of:
It is safest to test ransomware by using the "one at a time" method.
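One way to prepare the test file system described above and to measure the damage after each single-sample run, as an added example that is not part of the original page. The folder names, file names, seed bytes and the harmless "overwrite and rename" stand-in in `demo()` are constructed assumptions.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed seed content; a real lab would copy ordinary documents and pictures.
SEEDS = {"documents": (".docx", b"constructed document body\n"),
         "pictures": (".jpg", b"constructed picture bytes\n")}

def build_corpus(root, copies=25):
    """Populate root with folders of duplicated, renamed seed files."""
    root = Path(root)
    for folder, (ext, body) in SEEDS.items():
        d = root / folder
        d.mkdir(parents=True, exist_ok=True)
        for i in range(copies):
            # A per-file suffix keeps every hash distinct in the baseline.
            (d / f"{folder}_{i:04d}{ext}").write_bytes(body + str(i).encode())
    return root

def snapshot(root):
    """Map each relative file path to the SHA-256 of its content."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def damage_report(before, after):
    """Classify what happened to the baseline files between two snapshots."""
    modified = sorted(p for p in before if p in after and after[p] != before[p])
    missing = sorted(p for p in before if p not in after)
    added = sorted(p for p in after if p not in before)
    damaged = len(modified) + len(missing)
    return {"intact": len(before) - damaged, "modified": modified,
            "missing": missing, "added": added,
            "damaged_pct": round(100 * damaged / max(len(before), 1), 1)}

def demo():
    """Build a corpus, snapshot it, apply constructed changes, and report."""
    with tempfile.TemporaryDirectory() as tmp:
        root = build_corpus(tmp, copies=10)
        before = snapshot(root)
        # Constructed stand-in for the post-test state: one overwrite, one rename.
        (root / "documents" / "documents_0000.docx").write_bytes(b"overwritten")
        pic = root / "pictures" / "pictures_0001.jpg"
        pic.rename(pic.with_name(pic.name + ".renamed"))
        return damage_report(before, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

Take the baseline snapshot once, restore the corpus from a clean image before each sample, and compare a fresh snapshot against the baseline at the moment the product reports a detection.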