How to have fun negotiating with a ransomware gang • Graham Cluley
Can negotiating your company’s ransomware payment really be fun?
Well, if it’s more of a game than the real thing, then yes!
The innovative bodies at the financial times have created an imaginative ransomware negotiation simulator that lets you imagine yourself sitting in the hot seat of a hacked company trying to prevent cybercriminals from releasing sensitive data they stole from your systems.
The simulation lets you imagine that you are the boss of a successful pharmaceutical company in the United States. After a ransomware attack, the day-to-day business of the company is severely disrupted, meaning servers are down, products cannot be shipped and employees are not paid.
Ouch.
The game then unfolds through a variety of multiple choice questions, more like an old-fashioned choose-your-own-adventure book.
Playing the game, I managed to extend the negotiations a few days longer, when the hackers had planned to squash the ransom down to a fraction of what the bad guys originally asked for, before finally deciding not to give them a penny to pay.
A few hours later, what appeared to be sensitive data about my imaginary company was published on the dark web – but shareholders were impressed that I refused to pay.
That FT says the simulation is based on interviews with real ransomware negotiators and conversations with security researchers and company executives who have been on the sharp end of an attack.
In my opinion, having some experience negotiating a ransomware payment in the safety of an online game is better than having to learn on the job if your business is really going to get hit. And if the FTGetting creative with the topic helps more business people understand the seriousness of ransomware, then that must be a good thing.
Go ahead and try the game yourself.
Did you find this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we publish.