# RansomLeak

> B2B security awareness training platform delivering interactive 3D cybersecurity simulations, gamified learning, and SCORM-compliant packages for enterprise organizations. Founded in 2024 in Estonia by the creator of Kontra Application Security Training.

RansomLeak builds immersive, scenario-based security training that employees actually complete. The platform covers phishing, ransomware, social engineering, vishing, smishing, business email compromise, deepfake whaling, USB drop attacks, AI prompt injection, and GDPR compliance. Training is delivered as SCORM packages for any LMS or through a standalone cloud platform with SSO, analytics, and white-labeling.

## Platform & Product

- [Homepage](https://ransomleak.com/): Security awareness training with interactive 3D simulations, gamification, and enterprise deployment options
- [Platform Features](https://ransomleak.com/features/): Interactive 3D simulations, real-time analytics, SSO/MFA, gamification, custom content, and compliance reporting for SOC 2, ISO 27001, HIPAA, PCI DSS, GDPR, and NIS2
- [SCORM Integration](https://ransomleak.com/scorm/): Full SCORM 1.2 and 2004 compliance with one-click export for Moodle, Cornerstone, Workday, SAP SuccessFactors, Docebo, Canvas, Blackboard, and 50+ LMS platforms
- [Training Catalogue](https://ransomleak.com/catalogue/): 60+ free interactive cybersecurity exercises covering phishing, ransomware, AI security, GDPR compliance, and more with no sign-up required
- [Free Exercise Library](https://ransomleak.com/learning/): Curated selection of free cybersecurity exercises with no sign-up required
- [Partnership Program](https://ransomleak.com/partners/): MSSP and technology partnerships with white-label training, API integration, and revenue sharing

## Training Catalogue

- [Security Awareness Training Catalogue](https://ransomleak.com/catalogue/): Browse 60+ free interactive exercises organized into 4 training categories
- [Security Awareness Training](https://ransomleak.com/catalogue/security-awareness/): 42 interactive exercises across 10 structured courses covering phishing, ransomware, social engineering, passwords, device security, and more
- [GDPR Compliance Training](https://ransomleak.com/catalogue/privacy-compliance/): 11 free interactive GDPR exercises covering breach response, DSAR processing, privacy by design, cross-border transfers, and processor vetting
- [AI & LLM Security Training](https://ransomleak.com/catalogue/ai-security/): Interactive exercises on prompt injection, deepfake detection, AI-generated phishing, and LLM manipulation
- [Real-World Incident Case Studies](https://ransomleak.com/catalogue/real-world-incidents/): Interactive case studies reconstructing actual security breaches including the MGM Resorts $100M attack

## Free Interactive Exercises

- [Phishing Detection](https://ransomleak.com/exercises/phishing): Identify and respond to phishing emails in a realistic simulation
- [Ransomware Response](https://ransomleak.com/exercises/ransomware): Handle a live ransomware attack scenario and learn containment steps
- [Social Engineering](https://ransomleak.com/exercises/social-engineering): Recognize manipulation tactics used in social engineering attacks
- [Vishing (Voice Phishing)](https://ransomleak.com/exercises/vishing): Detect phone-based social engineering in simulated voice calls
- [Smishing (SMS Phishing)](https://ransomleak.com/exercises/smishing): Spot fraudulent text messages and SMS-based attacks
- [Business Email Compromise](https://ransomleak.com/exercises/business-email-compromise): Prevent CEO fraud, invoice manipulation, and account compromise
- [Barrel Phishing](https://ransomleak.com/exercises/double-barrel-phishing): Defend against two-stage phishing attacks that bypass spam filters
- [Deepfake Whaling](https://ransomleak.com/exercises/whaling-with-a-deepfake): Identify deepfake-powered executive impersonation attacks
- [Data Leakage Prevention](https://ransomleak.com/exercises/data-leakage): Protect sensitive data from accidental or intentional leakage
- [Social Media Oversharing](https://ransomleak.com/exercises/social-media-oversharing): Understand how social media posts create attack vectors
- [OneNote Email Attack](https://ransomleak.com/exercises/onenote-email-attack): Detect malicious OneNote attachments used to deliver malware
- [MGM Resorts Breach Case Study](https://ransomleak.com/exercises/mgm-resorts-security-breach): Analyze the real-world MGM Resorts cyberattack and its social engineering tactics
- [USB Drop Attack](https://ransomleak.com/exercises/usb-drop-attack): Respond safely to suspicious USB devices found in the workplace
- [AI Prompt Injection](https://ransomleak.com/exercises/clawdbot-prompt-injection): Learn how prompt injection attacks target AI assistants and chatbots

## GDPR Compliance Exercises

- [Marketing Consent Management](https://ransomleak.com/exercises/gdpr-marketing-consent-management): Handle GDPR consent for marketing communications
- [Data Breach Response](https://ransomleak.com/exercises/gdpr-data-breach-response): Execute proper breach notification under GDPR timelines
- [Privacy by Design Review](https://ransomleak.com/exercises/gdpr-privacy-by-design-review): Evaluate systems for GDPR privacy-by-design compliance
- [DSAR Processing](https://ransomleak.com/exercises/gdpr-legitimate-dsar-processing): Process data subject access requests correctly
- [PII Document Redaction](https://ransomleak.com/exercises/gdpr-pii-document-redaction): Redact personally identifiable information from documents
- [Fraudulent DSAR Detection](https://ransomleak.com/exercises/gdpr-fraudlent-dsar-detection): Identify and handle fraudulent data subject requests
- [Third-Party Processor Vetting](https://ransomleak.com/exercises/gdpr-third-party-data-processor-vetting): Evaluate third-party data processors for GDPR compliance
- [Security Incident Response](https://ransomleak.com/exercises/gdpr-security-incident-response): Manage security incidents within GDPR requirements
- [Cross-Border Data Transfers](https://ransomleak.com/exercises/gdpr-cross-border-data-transfers): Navigate cross-border data transfer rules and mechanisms
- [Data Protection Impact Assessment](https://ransomleak.com/exercises/gdpr-data-protection-impact-assessment): Conduct Data Protection Impact Assessments
- [Data Mapping & Records of Processing](https://ransomleak.com/exercises/gdpr-data-mapping-and-records-of-processing): Create and maintain records of processing activities

## Blog & Guides

- [Security Awareness Training: The 2026 Guide](https://ransomleak.com/blog/security-awareness-training-guide/): Implementation strategies, ROI measurement, and interactive training methods that build a human firewall
- [Does Security Awareness Training Work? What 47 Studies Say](https://ransomleak.com/blog/security-awareness-training-effectiveness/): Analysis of 47 peer-reviewed studies on awareness training ROI and what actually changes employee behavior
- [12 Common Cybersecurity Training Exercises](https://ransomleak.com/blog/cybersecurity-awareness-exercises/): Proven exercises that cut phishing clicks by 80%, including phishing simulations, tabletop scenarios, and a 90-day rollout plan
- [15 Cyber Security Activities for Employees](https://ransomleak.com/blog/cyber-security-activities-for-employees/): Hands-on team activities that turn awareness into action with time estimates, materials, and facilitator notes
- [Building a Human Firewall](https://ransomleak.com/blog/human-firewall-training/): Strategies for creating a security culture where employees actively protect your organization
- [Phishing Simulation Training Guide](https://ransomleak.com/blog/phishing-simulation-training/): How phishing simulation training works and why it outperforms passive awareness content
- [How to Spot Phishing](https://ransomleak.com/blog/phishing-detection/): Visual and technical signs that reveal phishing websites and emails
- [Barrel Phishing: Two-Stage Attacks](https://ransomleak.com/blog/barrel-phishing/): How barrel phishing bypasses spam filters by sending a harmless email before the real attack
- [Vishing Attacks Explained](https://ransomleak.com/blog/vishing-awareness/): How voice phishing exploits phone conversations and why it fools even trained employees
- [Smishing Attacks Explained](https://ransomleak.com/blog/what-is-smishing-cybersecurity/): How text message phishing works and organizational defense strategies
- [Whaling Attacks on Executives](https://ransomleak.com/blog/what-is-whaling-cybersecurity/): Why C-suite executives are prime targets and how to protect high-value individuals
- [Social Engineering Attacks](https://ransomleak.com/blog/social-engineering-attacks/): How hackers exploit human psychology with real examples and defense strategies
- [Business Email Compromise Training](https://ransomleak.com/blog/bec-training/): Preventing million-dollar wire fraud from CEO fraud, invoice manipulation, and account compromise
- [Email Security Training Guide](https://ransomleak.com/blog/email-security-training/): Protecting organizations from phishing, BEC, and email-based threats through effective training
- [Mobile Security Training](https://ransomleak.com/blog/mobile-security-training/): Protecting remote and mobile workers from smishing, mobile phishing, and BYOD security risks
- [Compliance Training for Regulated Industries](https://ransomleak.com/blog/compliance-training/): Meeting HIPAA, PCI DSS, SOC 2, GDPR, ISO 27001, and NIST requirements through employee training
- [Free Security Awareness Training Resources](https://ransomleak.com/blog/free-security-awareness-training/): Quality free training options, their limitations, and when to upgrade to enterprise solutions
- [SCORM Security Training: LMS Integration Guide](https://ransomleak.com/blog/scorm-security-training/): Deploying security training to any LMS with SCORM 1.2 vs 2004 comparison and setup guides
- [Open Source LMS for Security Training](https://ransomleak.com/blog/open-source-lms-security-training/): Moodle, Canvas, and Open edX compared for SCORM security training with real cost analysis
- [KnowBe4 Alternatives Compared](https://ransomleak.com/blog/knowbe4-alternatives/): Top security awareness training platforms compared by features, pricing, and use cases
- [OWASP Top 10 for LLM Applications](https://ransomleak.com/blog/owasp-llm-top-10/): All ten OWASP LLM risks explained with practical training recommendations for prompt injection, data poisoning, excessive agency, and more
- [GDPR Training for Employees](https://ransomleak.com/blog/gdpr-employee-training/): Why most GDPR training fails, what employees actually need to know, and how to measure training effectiveness beyond completion rates
- [AI Coding Assistant Security Risks](https://ransomleak.com/blog/ai-coding-assistant-security-risks/): Prompt injection, data exfiltration, and security risks from AI coding tools that most organizations overlook
- [Ransomware Awareness Training for Employees](https://ransomleak.com/blog/ransomware-awareness-training/): How ransomware attacks work, what employees should do in the first 60 seconds, and why backup strategy is the best defense
- [Credential Stuffing: How Leaked Passwords Work](https://ransomleak.com/blog/credential-stuffing-awareness/): How attackers use stolen credentials from data breaches to break into corporate accounts, and why password reuse is the root cause
- [Callback Phishing (TOAD): No Links, All Danger](https://ransomleak.com/blog/callback-phishing/): How callback phishing bypasses email security with clean emails and phone numbers, and why TOAD attacks are growing fast
- [Insider Threat Awareness Training](https://ransomleak.com/blog/insider-threat-training/): How to recognize insider threat behavioral indicators, report suspicious activity, and build a program employees support
- [Clawdbot (Moltbot) Security Risks](https://ransomleak.com/blog/clawdbot-security-risks/): Critical vulnerabilities in Clawdbot including plaintext credential storage, prompt injection, and infostealer targeting
- [Deepfake Social Engineering](https://ransomleak.com/blog/deepfake-social-engineering/): How voice cloning and video deepfakes power social engineering attacks, with employee verification strategies for the deepfake era
- [Shadow IT Security Risks](https://ransomleak.com/blog/shadow-it-security-risks/): How unauthorized SaaS tools create data leakage, credential sprawl, and compliance blind spots, with discovery and remediation strategies
- [OWASP Agentic AI Top 10](https://ransomleak.com/blog/owasp-agentic-ai-top-10/): Security risks when AI agents act autonomously, covering cascading failures, goal hijacking, rogue agents, and all ten OWASP Agentic AI risk categories
- [AI-Powered Phishing](https://ransomleak.com/blog/ai-powered-phishing/): How LLMs help attackers craft personalized phishing at scale, eliminating the typos and grammar errors employees were trained to spot

## Reference

- [Cybersecurity Glossary](https://ransomleak.com/glossary/): Clear definitions of 18 key cybersecurity terms including phishing, vishing, smishing, ransomware, social engineering, BEC, deepfake, SCORM, and more

## Company

- [About RansomLeak](https://ransomleak.com/about-us/): Founded in Estonia by Dmytro Koziatynskyi (CEO) and Maksym Khamrovskyi (CMO), previously creators of Kontra Application Security Training
- [Contact & Demo](https://ransomleak.com/contact-us/): Request a personalized demo or get an enterprise training quote with typical response within 24 hours
- [Learning Platform](https://learning.ransomleak.com): Standalone cloud LMS with user management, analytics, campaign management, and SSO

## Key Facts

- Founded: 2024, Tallinn, Estonia
- Founders: Dmytro Koziatynskyi (CEO) and Maksym Khamrovskyi (CMO), previously creators of Kontra Application Security Training
- Free exercises: 60+ interactive cybersecurity simulations covering phishing, ransomware, social engineering, vishing, smishing, BEC, deepfake whaling, USB drop attacks, AI prompt injection, and GDPR compliance
- SCORM compliance: Full SCORM 1.2 and SCORM 2004 support, tested with 50+ LMS platforms
- Compliance frameworks: SOC 2, ISO 27001, HIPAA, PCI DSS, GDPR, NIS2
- Delivery options: SCORM packages for existing LMS infrastructure or standalone cloud LMS with SSO, analytics, campaign management, and white-labeling

## Frequently Asked Questions

Q: What is security awareness training?
A: Security awareness training is a structured education program that teaches employees to recognize, avoid, and report cybersecurity threats such as phishing, social engineering, ransomware, and data breaches. Effective programs use interactive simulations and hands-on exercises rather than passive videos, building practical skills that reduce human-caused security incidents.

Q: How does RansomLeak differ from other security training providers?
A: RansomLeak uses interactive 3D simulations that place employees directly in realistic attack scenarios rather than relying on videos or slideshows. Multiple studies show that active, experiential learning outperforms passive content for knowledge retention. The platform also supports full SCORM 1.2 and 2004 compliance for integration with any existing LMS.

Q: Is there a free version available?
A: Yes. RansomLeak offers 60+ free interactive cybersecurity exercises at ransomleak.com/catalogue with no signup required. These cover phishing, ransomware, social engineering, vishing, smishing, business email compromise, deepfake whaling, USB drop attacks, AI prompt injection, and GDPR compliance scenarios.

Q: What compliance frameworks does RansomLeak support?
A: RansomLeak training satisfies security awareness requirements under SOC 2, ISO 27001, HIPAA, PCI DSS, GDPR, and NIS2. The platform includes compliance-specific reporting, completion tracking, and audit-ready documentation. SCORM integration ensures training data flows into your existing LMS compliance workflows.

Q: What is SCORM and why does it matter?
A: SCORM (Sharable Content Object Reference Model) is an international standard that lets e-learning content work across any compliant Learning Management System without custom integration. RansomLeak supports both SCORM 1.2 and SCORM 2004, tested with 50+ LMS platforms including Moodle, Cornerstone, Workday, SAP SuccessFactors, and Docebo.

Q: How do you measure training effectiveness?
A: RansomLeak tracks exercise completion rates, knowledge assessment scores, time to report suspicious emails, and behavioral change over time. The real-time analytics dashboard shows progress by department, team, or individual, with audit-ready reports for SOC 2, ISO 27001, and HIPAA compliance.

## Optional

- [Security & Compliance](https://ransomleak.com/security-compliance/): Enterprise-grade security with GDPR compliance, encryption, and alignment with NIST, SOC 2, and NIS2 frameworks
- [Privacy Policy](https://ransomleak.com/privacy-policy/): Data protection practices and GDPR compliance details
- [Terms of Service](https://ransomleak.com/terms-of-service/): Terms governing use of the platform and services