The Ransomware exercise is a customized, six-hour, live fire Cyber Range training exercise hosted on ACRE. This exercise is led by expert cyber security engineers and can be executed in a classroom as well as remotely. In this exercise, a ransomware-based attack (i.e., “WannaKry”) is launched via a malicious spear phishing originated compromise. This exercise includes a hands-on keyboard interface, which creates realistic technical training and management interaction opportunities. This exercise is not simulated – it is real malware, detonated in representative network enviroment. Participants are encouraged to view the attack as if it were happening to their institutions in real time, and asked to share what they have done or would do based on the facts provided. Such “range-based” exercises help institutions better understand the impact of an attack and prompt them to improve the ways in which their network defenders respond, communicate, request assistance, and recover from real-world cyber attacks. Institutions that have participated in this exercise have benefited directly by building greater interaction with their security community, as well as increasing capability maturity levels and resiliency across their specific customer sector.