# Ransomware Protections Micros

This directory contains the micro emulations for ransomware groups.

ℹ️ An emulation plan is the primary document used to execute the red team scenario during a purple team operation.

ℹ️ A micro emulation aims to emulate compound behaviors that represent a short sequence of related ATT&CK techniques commonly used together in real-world attacks. This structure allows for a precise and controlled evaluation of protection mechanisms employed against threat behaviors implemented in a compromised environment, where the adversary has already bypassed traditional preventive measures, rather than focusing solely on preventing the initial breach.

ℹ️ Protection mechanisms are used to prevent, detect, and respond to malicious activities or potential threats on endpoints. Enterprise cybersecurity solutions aim to safeguard systems and data by employing layered defenses that operate in real time and adapt to evolving threats.

The scenario documents in the table below include the red team execution commands, links to source code, ATT&CK techniques leveraged, and CTI reporting pertaining to each scenario step.

| Red Team Playbook | CTI Operations Flow | Description |
| --- | --- | --- |
| ER6_Ransomware_Protections | Ransomware_Protections_Diagrams | This contains the Protections micro emulations developed to emulate ransomware behaviors in the Protections portion for Round 6 of ATT&CK Evaluations for Enterprise. |