
Ransomware Attack Chain Simulation Environment

Advisor: 許振銘
The full text will be available for download on 2026/10/18.

Abstract

With advances in network technology and the rapid evolution of information transmission, both government and private organizations have chosen to provide the public with convenient and faster information services over the Internet. This year, because of the pandemic, the use of remote computing has risen sharply. Criminal organizations have taken advantage of this trend to carefully plan persistent cyber attacks against specific targets, moving from paralyzing and damaging systems to today's use of ransomware to encrypt files in order to obtain the gains they seek. In the face of increasingly severe cyber threats, even an enterprise with numerous security protection devices cannot effectively stop Advanced Persistent Threat (APT) attacks if its administrators lack the corresponding information security awareness.

There are many cyber ranges for security attack-and-defense exercises and CTF (capture the flag) competition platforms, at home and abroad, that let users improve their security knowledge through hands-on practice. However, these exercise environments can only provide point-to-point testing of partial functions and do not match the scenarios in which real-world security incidents occur.

This thesis builds on the concepts of two platforms built in the laboratory, the APT Cyber Kill Chain Range (kRange) and the cyber attack chain Security Information and Event Management Range (sRange), to develop a ransomware attack chain simulation environment. The environment lets users work through each stage of the ransomware attack chain to understand the behavioral traces of an attacker's intrusion and the key points of log analysis, and to learn attackers' new styles of attack thinking, thereby serving the goal of training information security personnel.
