FILE-SRV-04 encrypting shares, ransom note dropped, lateral SMB scans starting
A hard Cybersecurity scenario on Ransomware (Early Stage).
Start a graded attempt against this scenario. Your response is scored by the same deterministic rubric used across the catalog. Email and evidence content stay hidden until you start.
Launches this exact scenario. One of 5 templates in this Track + Difficulty pool.
catalog id · ransomware-early-stage-fileserver
What this scenario practices, mapped to recognized frameworks.
Educational mapping only. Not a compliance attestation.
- Early-stage ransomware containment
- Backup-driven recovery decisioning
- Data Encrypted for Impact · Impact · T1486 · TA0040 · Mapped · High confidence
Trains early-stage ransomware recognition and containment.
- Remote Services · Lateral Movement · T1021 · TA0008 · Partial · Medium confidence
Trains defensive reasoning about lateral spread risk on file shares.
- File Analysis · D3-FA · Mapped · High confidence
Trains file-analysis evidence handling for suspicious renames.
- Process Activity Analysis · D3-PA · Mapped · High confidence
Trains process-activity review on the source host.
- Mitigation · Respond · RS.MI · RS · Mapped · High confidence
Trains the mitigation reasoning the scenario centers on.
- Recovery Planning · Recover · RC.RP · RC · Mapped · High confidence
Trains recovery decision making before encryption completes.
- IR lifecycle phase · Containment, Eradication & Recovery · Mapped · High confidence
Trains the IR phase the scenario centers on.
- System Backups · 2.O · Mapped · High confidence
Trains the backup-readiness baseline the scenario depends on.
- Incident Response Plans · 2.P · Mapped · High confidence
Trains the IR-plan baseline.
- Data Recovery · Control 11 · Mapped · High confidence
Trains the recovery control the scenario exercises.
- Malware Defenses · Control 10 · Mapped · High confidence
Trains the endpoint-defense response.