Can negotiating your company’s ransomware payment be fun?
Well, if it’s a game rather than the real thing, then yes!
The inventive folks at the Financial Times have created a ransomware negotiation simulator which lets you imagine that you are in the hot seat of a hacked company, trying to prevent cybercriminals from disclosing the sensitive data they have stolen from your systems.
The simulation lets you imagine that you are a sharp-headed boss in a successful pharmaceutical company in the United States. After a ransomware attack, day-to-day business operations are severely disrupted, meaning servers are down, products can’t be shipped, and employees aren’t being paid.
The game then proceeds through a variety of multiple-choice questions, much like an old-fashioned “choose your own adventure” book.
When I played the game, I managed to extend the negotiation a few days longer than the hackers expected and reduce the ransom demand to a fraction of what the bad guys originally demanded, before finally deciding not to pay them a penny.
Hours later, sensitive data about my imaginary company apparently leaked onto the dark web – but shareholders were impressed by my refusal to pay.
The FT says the simulation is based on interviews with real-life ransomware negotiators and conversations with security researchers and corporate executives who have been at the heart of an attack.
In my opinion, it’s better to have some experience negotiating a ransomware payout in the security of an online game than to have to learn on the job when your business is hit for real. And if the FT’s creative exploration of the topic helps more business people understand the seriousness of ransomware, then that must be a good thing.
Now go, try the game for yourself.