Question

What is Testing Ransomware?

Answer 1

Testing Ransomware

• The features to be considered when testing the ability of a security solution to detect ransomware:

  • At what point the ransomware is detected? (pre-execution or post-execution)

  • What kind of damage the ransomware was able to inflict before it was detected?

• To evaluate the impact of a file encryptor ransomware sample, a realistic file system (preferably with a large volume of files in every directory) is required before starting the testing phase.

  • For example, the file system could include a documents folder, a pictures folder, and so on (files can be duplicated and renamed for the purpose).

  • This will facilitate the evaluation of:

    • The ability of the security solution/product to roll back the effects of the attack.

• It is safest to test ransomware by using the "one at a time" method.