Having a hard time coming up with a positive use case for this. It's not like cycling through a file list and applying a crypto function is hard, so the educational excuse seems pretty weak.

I could find at least a case for educating end users if the payload can be delivered as any genuine ransomware:

I get sick and tired of users finding good excuses to download and open all sort of document on the main server at work and having to fetch a backup of the VM because of their eagerness to disregard all kind of obvious precaution.... At least with this I could organize a surprise training without jeopardizing their work of the last few hours/days.