360 Ransomware
Making Teams Crisis-Ready
This scenario is recommended for organisations who want to extend the understanding of various ransomware scenario cases from the perspective of leadership, strategic communications, and information sharing processes with key stakeholders, including regulators. Players in this game will be challenged to make complex decisions around disclosure, transparency, with ambiguity fuelling debates about what the ransom payment really is, especially when control is lost over sensitive data. Delegates will be made to work with the hackers carefully balancing to not putting themselves, and their business, on the wrong side of the law.
​
The scenario was optimised for the case of 3 teams working together, with a lessons-learned session at the end, where each team presents the strategies they’ve used, to see how each of them fared. For an individual learning experience, players can experiment with the different branches one-at-a-time.
Playtime
Full Exercise: 4 hours (Facilitated)
Basic Challenges: 90 mins (Automated) per branch
Recommended Delegates
Crisis management team members
Technical Maturity Level
Medium
Competencies Exercised
IR process (NIST), Data Protection (GDPR), Regulatory Compliance, Pentesting Routines, Ransomware Playbooks, Crisis Communications, Coaching Senior Stakeholders to understand the technical situation and preparing them for Media Interviews