In today’s threat landscape, many small and medium-sized businesses (SMBs) trust their security software to protect them against cyberattacks. But trust alone isn’t enough. The most effective way to validate your cybersecurity policies for SMB environments is to test them under realistic conditions.
That’s exactly what we did in our recent ransomware simulation experiment, where we detonated the infamous WannaCry ransomware in a safe, isolated lab to see how our Google Workspace focused security stack performed.
Watch the Full Simulation
See the ransomware simulation in action in the video below:
Why Simulate a Ransomware Attack?
While many businesses believe their endpoint detection and response (EDR) tools, antivirus, and ransomware detection are configured correctly, assumptions can be dangerous.
Running a controlled ransomware simulation helps to:
- Identify gaps in configuration or policies
- Validate that detection and response tools trigger as expected
- Strengthen your incident response plan
Build real-world readiness without risking production systems
We performed our test in an isolated virtual machine entirely off our company network to ensure no chance of lateral spread. Anurag Adhikari, the CISO of Sentry Cyber, who led the experiment, holds a rare and highly respected malware analysis certification. In other words: don’t try this on your business network.
What Was WannaCry?
WannaCry is one of the most notorious ransomware strains in history. First appearing in 2017, it exploited a Windows vulnerability to spread rapidly across networks, encrypting files and demanding Bitcoin payments. It affected more than 200,000 computers in over 150 countries causing billions in damages.
For businesses, WannaCry is a harsh reminder of why cybersecurity frameworks, incident response planning, and strong GRC (Governance, Risk, and Compliance) practices are essential.
Inside the Ransomware Cybersecurity Test
Here’s what we did step-by-step:
- Lab Setup
- Created a secure, offline virtual machine
- Installed our endpoint protection stack: Kaseya EDR, ransomware detection, and antivirus
- Verified the machine was online and fully visible in the EDR portal
- Verification of Malware
- Used malware analysis tools to confirm the sample was indeed WannaCry
- Reviewed its alternative names and detection profiles
- Execution of the Ransomware
- Ran the malicious executable file explaining that ransomware often spreads via phishing attachments, malicious downloads, or compromised software updates
- Observed how quickly files were encrypted
- Detection & Response
- Datto EDR and RocketCyber MDR instantly detected the ransomware
- The system was isolated from the network automatically
- Verified by attempting a Google search confirming no network access
The result: Our Kaseya endpoint security stack responded exactly as designed, stopping the attack in seconds.
Why SMBs Should Consider This Test
We offer this ransomware cybersecurity testing service to businesses who want to validate their security stack in a controlled environment.
Our approach:
- Take an image of your chosen machine or server
- Ensure all file-syncing apps (Google Drive, OneDrive, etc.) are disabled
- Execute the simulation in our secure lab
- Provide a full report on detection time, containment, and recommendations
This is not just a tech exercise, it’s a valuable part of your incident response plan.
Beyond Ransomware: Other Security Simulations
Another key test is a phishing simulation. This involves sending safe, simulated phishing emails to staff to measure click rates and train users to spot malicious messages.
We offer this as part of our Cyber Security Training service helping SMBs meet cybersecurity frameworks like SMB1001, Essential Eight, and NIST.
How This Fits Into Cybersecurity Policies for SMB
Your cybersecurity policies for SMB environments should cover:
- Ransomware prevention and response
- Phishing awareness training
- Regular backup testing
- Endpoint monitoring and logging
- GRC compliance checks
Simulations make policies actionable, turning theory into measurable protection.
Conclusion: Test Before You Trust
Running a ransomware simulation isn’t about breaking things, it’s about building confidence in your defences. If you’re serious about protecting your business, don’t wait for a real attack to find out if your security works.
Contact us today to discuss a ransomware or phishing simulation for your organization. Let’s make your security stack battle-tested, not just installed.
FAQ: Ransomware Simulation & SMB Cybersecurity
Q1: Is a ransomware simulation safe?
Yes – when performed in a secure, isolated lab environment by professionals. We ensure zero risk to your live systems.
Q2: How long does the test take?
Typically 2–4 hours, including preparation, execution, and reporting.
Q3: What security tools do you test?
We can test EDR, antivirus, email security gateways, and backup restoration processes.
Q4: Is this only for Google Workspace users?
No – while we specialise in Google Workspace security, we can test Microsoft 365 and hybrid environments.