Help creating a ransomware simulator

We want to demonstrate the need for Webroot to prospective customers who use traditional AV software. So I wrote a simple "ransomware" program that only affects a test folder. It is a compiled .exe program that:

1. Reads files one at a time from a test folder (c:userspublicvideos est)
   
2. Encrypts the file contents.
   
3. Writes the file to filename.txt.crypt.
   
4. Deletes the file.

My expectation was that Webroot would see that a new .exe program was encrypting and deleting files and block it, but it did not. I have run the program from a Command Prompt window, from Windows Explorer and from a Desktop shortcut.

 

I also ran this ransomware simulator on a VM protected by a dedicated anti-ransomware program, CryptoDrop, but it, too, allowed the deletions. As I am not an experienced white hat hacker, I am sure I am missiing something.

 

I am aware of KnowBe4's RanSim ransomware simulator, but by now it is well known to signature-based antivirus products. I'd like to be able to create a simple, safe, new simulated ransomware program that Webroot will block. It is easy enough to limit its effect to a single specified user folder for safety, but perhaps that prevents it from being detected.

 

Your ideas are much appreciated!