Most security awareness training goes like this: the company buys a course library, HR assigns it, employees click through videos at 2x speed, pass a quiz, and forget everything within a week. The phishing email that shows up the following Monday still gets clicked.

The format is the problem. Passive content doesn't build the reflexes that stop someone from entering credentials on a fake login page at 4 pm on a Friday.

RansomLeak replaces videos and slides with interactive 3D simulations.

Employees don't watch someone else get phished. They open a suspicious email in a simulated inbox and decide what to do with it. They answer a phone call from someone claiming to be IT support. They find a USB drive near the office entrance. Each simulation branches based on their choices and shows them what would have happened in a real attack.

Every scenario is built on documented attack patterns, not generic "be careful online" advice. The phishing emails look like actual vendor requests. The social engineering calls use the same pretexts that real attackers use. When an employee gets fooled and sees the breach play out, that memory sticks in a way that reading a policy document never will.

What the training covers:

• Phishing and spear-phishing recognition, including business email compromise

• Social engineering across phone, chat, and in-person channels

• Sensitive data handling and classification

• Password and credential security

• Physical security: tailgating, found USB devices, workstation security

• Incident reporting procedures

Multiple difficulty levels per topic. New hires start with fundamentals, and experienced staff face advanced scenarios. Organizations can assign specific simulations by department or role.

Gamification that drives completion

Points, badges, leaderboards, and achievements turn compliance training into something employees talk about at lunch. Security teams get analytics showing exactly where knowledge gaps exist across the organization, not based on quiz scores, but on how people actually behaved inside realistic attack scenarios.

Two deployment options:

• SCORM packages (1.2 and 2004) drop into Cornerstone, Workday, SAP SuccessFactors, Docebo, 360Learning, Moodle, Canvas, Blackboard, and any other compliant LMS. Your existing infrastructure handles tracking and reporting.

• Standalone cloud LMS with user management, real-time analytics, campaign scheduling, SSO/MFA, and custom branding for organizations that want a dedicated security training environment. No additional charge at any tier.
  

Pricing

• Per-seat annual subscription starting at $12/user/year for small teams, dropping to $8/user/year at scale. Every tier includes the full simulation library and both deployment options. No setup fees. No feature gates.

• Completely free for individual users.

Built by the team behind Kontra Application Security Training for mid-market and enterprise organizations in finance, healthcare, technology, and government.