Level: Advanced

Advanced Cyber Range Environment (ACRE) - Ransomware Exercise

1 Day | Instructor Led

The Ransomware exercise is a customized, six-hour, live fire Cyber Range training exercise hosted on ACRE. This exercise is led by expert cyber security engineers and can be executed in a classroom as well as remotely. In this exercise, a ransomware-based attack (i.e., “WannaKry”) is launched via a malicious spear phishing originated compromise. This exercise includes a hands-on keyboard interface, which creates realistic technical training and management interaction opportunities. This exercise is not simulated – it is real malware, detonated in representative network enviroment. Participants are encouraged to view the attack as if it were happening to their institutions in real time, and asked to share what they have done or would do based on the facts provided. Such “range-based” exercises help institutions better understand the impact of an attack and prompt them to improve the ways in which their network defenders respond, communicate, request assistance, and recover from real-world cyber attacks. Institutions that have participated in this exercise have benefited directly by building greater interaction with their security community, as well as increasing capability maturity levels and resiliency across their specific customer sector.

Inquire About:
Advanced Cyber Range Environment (ACRE) - Ransomware Exercise

Ideal Candidates for Advanced Cyber Range Environment (ACRE) - Ransomware Exercise Class

Cyber Security Analyst wishing to update their hands-on skills

Advanced Cyber Range Environment (ACRE) - Ransomware Exercise Prerequisites

Experience in the following areas: Windows 2008 R2, Windows 10, pfSense, Security Onion, VyOS and Exchange 2010

What You'll Get in Advanced Cyber Range Environment (ACRE) - Ransomware Exercise

Access to the Advanced Cyber Range Environment
Hands-On Skills combatting malware

What You'll Learn in Advanced Cyber Range Environment (ACRE) - Ransomware Exercise

Phase 1: Malware Identification
Phase 2: Defensive Modifications
Phase 3: Active Defense
Phase 4: HotWash

No Certification Test Available For This Course

No Certification Test Available For This Course

Advanced Cyber Range Environment (ACRE) - Ransomware Exercise Outline

Phase 1: Malware Identification
Identify the type of malware that was injected into the network.
Identify the initial infection vector.
Identify the malware C2 (Command & Control; also referred to as Callback).
Extract a sample of the malware.
Describe how the malware is propagating.

Phase 2: Defensive Modifications
Develop and submit a request to the CCB outlining the steps required to harden the network against future attacks like the one identified in Phase 1.

Phase 3: Active Defense
Actively defend the network if the recommended changes do not prevent propagation when the inject is launched again.

Phase 4: HotWash
Discuss what happened during Phase 1 and Phase 3.
Discuss your institution’s existing protocol for this type of attack.
Discuss how your institution's existing protocol could be improved based on what you experienced and learned today.


A. Erlich


I just wanted to say your presentation on Social Media Technology and Security was the finest I have ever attended.

Wilder Guerra

US Navy Reserve

This course is definitely an eye opener. With how much social media has taken over, it is important to be fully aware of the capabilities along with all the risks it brings. It is important to get this course because social media is the new norm.

Rebekah Coughlin


The Social Media and Security Training course offered by UKI is a great and beneficial course combining technical training to fully understand TCP IP networking, DNS, and the harms of malware and cross-site scripting; as well as practical training that allowed attendees to play with open source social intelligence gathering solutions. This is the perfect class for those involved in IT security and interested in social media and identity theft.

Top Related Courses

All actions in war, regardless of the level, are based upon either taking the initiative or reacting in response to the opponent. By taking the initiative, we dictate the terms of the conflict and force the enemy to meet us on our terms. The initiative allows us to pursue some positive aim even if only to preempt an enemy initiative. It is through the initiative that we seek to impose our will on the enemy.

One major catalyst of change is the advancement of technology. As the hardware of war improves through technological development, so must the tactical, operational, and strategic usage adapt to its improved capabilities both to maximize our own capabilities and to counteract our enemy's. MCDP-1 Warfighting

For the first time in history, the cyber and warfare climate have intertwined. The blending of these two worlds has shown the importance of functional, practical and aggressive cybersecurity. UKI’s CyberVanguard Series Tier I: Enterprise Guardian focuses on enhancing foundational policies and best practices, with advanced fundamentals, empowering cybersecurity teams to protect their enterprise network.


Cyber Vanguard Series - Cyber Strike takes the offensive and defensive assault tactics and applies them in several different real world scenarios. The entire course is hands on and builds upon the skills and knowledge the students have previously received. Applications include Offensive only - Hunt Teaming, Data Harvesting, and Asset Extraction, Defensive Only – Defending Your Assets, Setting Active Intrusion Systems, Vulnerability Assessment and Remediation, and Offensive and Defensive – Capture the Flag, where teams are pitted against each other to protect their own resources while attacking the opposing team.

© 2019 Ultimate Knowledge Insitute | All Rights Reserved
GSA# GS-35F-0469W