FAQs

With the nature of this service, we expect that potential clients may have a variety of questions, primarily around the safety and security of the simulation. The FAQ section below should hopefully answer any questions you may have, although please do get in touch directly if there are any specifics that have not been answered.

Will My Data Be Safe?

If your business wants to perform this assessment against a live system with real files, please rest assured that Ruptura have full decryption capabilities and have access to all decryption keys to restore original data for all fully encrypted files.

We do however recommend that the engagement is performed against ‘live’ systems with a selection of sample files on them. This could be a copy of an existing profile, or a large variety of files containing dummy data. In this scenario, there is no risk of losing any sensitive or business critical data.

What Stops The Sample Infecting The Whole Network?

Our development team have ensured that the sample only targets specific directories and pre-confirmed locations.  There is no risk that the sample will propagate through the network.

Why is This Better Than a Tabletop Exercise?

A tabletop ransomware simulation exercise is purely theoretical, and relies on you placing full trust in your current defensive tooling.

Our fully practical assessment provides you with assurance that your tooling is doing what you expect. It is a safe and realistic test that either highlights proof of value in existing tooling, or highlights potential areas to work on.

How Long Does it Take to Complete?

We allocate 5 days of resource per engagement. This includes:

  • Initial consultation and project tailoring.
  • A multi-stage and fully practical assessment against a selection of devices.
  • Provisioning dashboard access.
  • Reporting.
  • Debriefing.

How Much Does This Cost?

Pricing of the service is dependent on the scale of the assessment and what additional services you may require. All of our pricing options can be found here.

My Business is Small, Do I Need This Service?

Our service has been built to ensure that it is available and applicable to businesses of all sizes.

Small businesses often do not have the ability to quickly restore and recover from a ransomware attack in the same way that larger organisations may be able to. Due to this, a ransomware attack against a small business could be catastrophic and could potentially cause the organisation to cease trading for a significant amount of time.

Can We Have Access to Source Code of the Tool?

We do not typically share source code with clients, but in the rare case that additional assurance is required around the inner workings of the sample, access to source code snippets may be provided under certain conditions.

We Have Cyber Insurance, Doesn't That Cover Us?

Cyber insurance often only covers organisations up to a certain (and relatively small) amount if a breach were to occur.

A practical assessment should quickly highlight any areas of weakness that can then be appropriately remediated, reducing the chance that a cyber insurance policy is ever going to be required.

What Experience Does the Ruptura Team Have?

Our team of consultants and operators are exceptionally experienced in assessing complex networks and environments. We are trusted by many large household names to assess their most critical assets.

Our team are very well regarded in the wider cyber security space, with many of the team members holding CVEs and/or having given talks at security-specific conferences.

How is the Assessment Performed?

There are five main steps to the service:

  1. Tailoring – We work with your team to learn your environment, biggest risks, technologies and various policies that are in place. This is used to then tailor the testing service.
  2. Delivery – We will assess a variety of vectors to identify how ransomware could enter your environment. We will not only look at traditional access vectors, but also those that are less common but equally effective.
  3. Execution – Our team of experienced operators will run a selection of hands-on technical assessments against the pre-defined targets. These tests aim to assess your current ransomware and wider malware controls at a granular level, providing you with full visibility of your cyber risk profile.
  4. Data Loss Prevention – Ransomware has evolved to not just encrypt data, it has adapted to include various other methods of extortion. Additional assessments focused around exfiltrating data will be performed, highlighting potential gaps within your Data Loss Prevention systems.
  5. Reporting – Our specialist operators will create your bespoke, technical ransomware simulation report, detailing all areas of the engagement and their corresponding results. Alongside this, your custom dashboard will be provisioned, providing your organisation with access to high level statistics for the next 12 months.

Can Data Be Fully Recovered Once Encrypted?

Ruptura have full access to decryption keys and have full decryption capabilities for fully encrypted files.

The only case where data may be lost is where the service is terminated part way through the encryption process, resulting in a partially encrypted file. Due to the technical methods of encryption used, it may not be possible to restore that single affected file. Due to this, we always recommend that the assessment takes place against real and live systems, but with sample files.

Can this be Performed Remotely?

Although the assessment can technically be performed remotely, we always recommend that the service is performed ‘onsite’ together with your internal teams. Results from collaborative engagements have proved much more useful than those performed remotely.

What Operating Systems Does This Run On?

Our ransomware samples have been developed to run across all modern versions of Windows, Linux and macOS; this includes ARM64 / AMD64 / x86 architectures.

What Do I Need to Provide to Ruptura for This?

You will need to provide us with physical or network access to the devices in scope. Typically this is between 3 and 7 devices. We also require a dedicated point of contact, at least for the testing period of the engagement.

How Can I Book This for My Organisation?

  • Using the contact form found here.
  • Emailing: ransomware@ruptura-infosec.com
  • Calling directly: 01908 888984.
  • Reaching out via live chat.
