Abstract:
The deep integration of industrial control networks (ICNs) with modern information technology has firmly established them as the operational backbone of critical infrastructure sectors such as energy, chemicals, transportation, and water management. Although this convergence enables unprecedented levels of automation, intelligence, and efficiency in industrial production, it concurrently exposes these vital systems to a rapidly intensifying landscape of cybersecurity threats. Among these, ransomware has emerged as one of the most destructive and pervasive, capable of encrypting critical files or incapacitating entire systems to extort ransoms. Such attacks can trigger significant operational disruptions, financial losses, and even grave risks to public safety and national security. Ransomware has evolved from simple phishing attacks on users to complex campaigns leveraging system vulnerabilities, supply chain compromises, and automated lateral movement, a complexity that has rendered traditional security measures increasingly inadequate. This escalating threat landscape underscores the critical need for advanced, practical platforms that allow rigorous study of these challenges and support the development and validation of effective countermeasures. In this context, cybersecurity test ranges, or cyber ranges, have emerged as an indispensable solution: high-fidelity simulated environments that replicate real-world ICNs and enable security professionals, researchers, and students to conduct realistic attack and defense exercises without jeopardizing live operational systems. This paper presents a comprehensive design and study of a virtualization-based security attack-defense range tailored for ICNs, with a focus on simulating the complete lifecycle of ransomware threats.
The study begins by analyzing the current global state of ICN ranges and dissecting the specific propagation mechanisms and alarming evolution of ransomware to firmly establish the necessity for specialized cyber range facilities. The proposed range is systematically designed around a “high-fidelity simulation, integrated attack-defense” architecture, logically structured into four cohesive layers: a Resource Management Layer for fundamental computational and network provisioning; a Virtual Network Layer that serves as the core environment builder, utilizing advanced virtualization and software-defined networking to create realistic, complex ICN topologies with deep simulation of industrial protocols such as Modbus TCP and PROFINET; a Data Processing Layer that provides comprehensive support through threat intelligence, behavioral analytics, and intelligent decision-making; and an overarching Application Layer that delivers user-facing platforms for education, adversarial exercises, and technical validation. The functional realization of this architecture is achieved through seven intricately designed modules that collectively simulate the ransomware kill chain and the corresponding defensive countermeasures. These include a User Interaction Module for central control, a Virtualization Management Module for rapid environment deployment, a dedicated Ransomware Attack Simulation Module that replicates behaviors from initial compromise to data encryption, a multilayered Defense Module incorporating honeypots and real-time interception, a Honeypot Module for attacker engagement and TTP capture, a Data Collection and Analysis Module for holistic post-exercise analysis and visualization, and a rigorous Evaluation Module that employs a quantitative Defense Effectiveness Index for objective assessment. 
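As an added illustration of the protocol-level traffic the Virtual Network Layer emulates and the Data Processing Layer analyzes, the following Python (written for this summary, not code from the paper) parses Modbus TCP application data units, rejects frames whose MBAP header is inconsistent, and tallies write requests per unit identifier as an input for behavioral baselining. The sample frames are constructed here and the function-code groupings follow the public Modbus specification.

```python
import struct
from dataclasses import dataclass

# Standard Modbus function codes grouped for the analytics below.
READ_FCS = {1, 2, 3, 4}       # read coils/discrete inputs/holding/input registers
WRITE_FCS = {5, 6, 15, 16}    # write single coil/register, write multiple coils/registers

@dataclass
class ModbusFrame:
    transaction_id: int
    unit_id: int
    function_code: int
    data: bytes

def parse_modbus_tcp(frame: bytes) -> ModbusFrame:
    """Parse one Modbus TCP ADU (7-byte MBAP header + PDU); raise on malformed input."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError(f"unexpected protocol id {proto}")
    # The MBAP length field counts unit id + PDU, i.e. every byte after the length field.
    if length != len(frame) - 6:
        raise ValueError(f"MBAP length {length} does not match {len(frame) - 6} trailing bytes")
    return ModbusFrame(tid, unit, frame[7], frame[8:])

def write_activity(frames):
    """Count write requests per unit id; malformed frames are tallied under 'malformed'."""
    counts = {}
    for raw in frames:
        try:
            f = parse_modbus_tcp(raw)
        except ValueError:
            counts["malformed"] = counts.get("malformed", 0) + 1
            continue
        if f.function_code in WRITE_FCS:
            counts[f.unit_id] = counts.get(f.unit_id, 0) + 1
    return counts

# Constructed sample capture: two reads and two writes to unit 1, one write to unit 2,
# and one frame whose MBAP length field disagrees with its actual size.
SAMPLE_FRAMES = [
    bytes.fromhex("0001000000060103000A0002"),  # read holding registers, unit 1
    bytes.fromhex("0002000000060104000A0002"),  # read input registers, unit 1
    bytes.fromhex("000300000006010600100001"),  # write single register, unit 1
    bytes.fromhex("00040000000601050011FF00"),  # write single coil, unit 1
    bytes.fromhex("000500000006020600200001"),  # write single register, unit 2
    bytes.fromhex("0006000000090103000A0002"),  # length says 9, only 6 bytes follow
]

if __name__ == "__main__":
    print(write_activity(SAMPLE_FRAMES))  # {1: 2, 2: 1, 'malformed': 1}
```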
The technological underpinnings of the range are thoroughly explored, with particular emphasis on a hybrid virtualization approach that combines traditional hypervisors with containerization for optimal flexibility and fidelity, alongside network emulation techniques for accurate topology, protocol, and traffic simulation, which are crucial for creating a believable ICN environment. A comparative analysis with prominent existing ranges, such as the Pengcheng Cyber Range and the US NCRC, highlights the proposed design's advancements in its specialized ransomware emulation capability, deep industrial protocol support, and a multi-team collaboration mechanism incorporating red, blue, green, yellow, white, gray, and purple teams. In conclusion, this paper presents a robust and detailed design for a virtualization-based ICN security attack-defense range that serves as a vital practical platform for advancing ICN security research, optimizing enterprise protection strategies against ransomware, and cultivating a highly skilled cybersecurity workforce. Future work will be directed toward incorporating artificial intelligence for adaptive training and deepening protocol-level security simulations.