Category: COURSE: "Ransomware: Detection, Response, and Prevention"

This is a comprehensive course on ransomware. The course covers various aspects of ransomware, including the infection stage, dynamic analysis, binary analysis, source code inspection, incident response, and prevention strategies.
Challenge 1: Respond to the Incident

In this challenge, students will explore the behavior and techniques of ransomware without any prior knowledge of the targeted system and ransomware.
- Teacher: HCR Admin
Challenge 2: Use CyberChef for Decryption

In this challenge, students will decrypt a file encrypted by ransomware using CyberChef. In order to do that, they will need to modify the ransomware source code.
- Teacher: HCR Admin
Challenge 3: Develop a Variant

In this challenge, students will develop a ransomware variant with an improved persistence capability.
- Teacher: HCR Admin
Lab 1: Infection

In this lab, students will assume the role of a negligent computer user clicking the link on a phishing email, downloading the ransomware, and running it. The purpose of Lab 1 is to make students familiar with the behavior of ransomware.
Lab 2: Dynamic Analysis

In this lab, students will assume the role of an information security analyst. They will analyze the behavior of ransomware using process and traffic monitoring tools. The purpose of Lab 2 is to teach students the fundamentals of dynamic analysis of ransomware.
- Teacher: HCR Admin
Lab 3: Binary Analysis

In this lab, students will assume the role of a threat analyst / forensics analyst. They will analyze the ransomware executable with popular reverse engineering tools and extract identifiers about the malicious file. The purpose of Lab 3 is to teach students the fundamentals of binary analysis of ransomware.
- Teacher: HCR Admin
Lab 4: Source Code Inspection

In this lab, students will assume the role of a code reviewer. They will analyze the source code of ransomware and modify it to change its behavior. The purpose of Lab 4 is to understand the implementation details of ransomware and reinforce the knowledge obtained in the previous labs.
- Teacher: HCR Admin
Lab 5: Incident Response

In this lab, students will assume the role of an incident responder. They will respond to a real ransomware incident as suggested by NIST SP 800-61. The purpose of Lab 5 is to demonstrate the primary constructs of the incident response process in the case of a ransomware infection.
Lab 6: Prevention

In this lab, students will assume the role of a security administrator/system administrator. They will apply the necessary mitigations and preventative measures on the computer. The purpose of Lab 6 is to teach students the required hardening steps to prevent a ransomware attack.