How to have fun negotiating with a ransomware gang

Can negotiating your firm’s ransomware payment actually be fun?

Well, if it’s a game rather than the real thing then yes!

The inventive bods at the Financial Times have created an imaginative ransomware negotiation simulator which lets you imagine you’re in the hot seat at a hacked company, trying to stop cybercriminals from releasing sensitive data they have stolen from your systems.

The simulation lets you imagine that you’re a pointy-headed boss at a successful pharmaceutical company in the United States. After a ransomware attack, the company’s day-to-day operations are severely disrupted, meaning that servers are down, products can’t ship, and employees aren’t being paid.

Ouch.

The game then unfolds via a variety of multiple-choice questions, rather like an old-fashioned “Choose your own adventure” book.

When I played the game I managed to extend the negotiation for a few days longer than the hackers had planned, badgered down the ransom demand to a fraction of what the bad guys had initially demanded, before ultimately deciding not to pay them a penny.

A few hours later, sensitive data about my imaginary company was apparently released on the dark web – but the shareholders were impressed that I refused to pay up.

The FT says that the simulation is based upon interviews with real-life ransomware negotiators, and conversations with security researchers and company executives who have been on the sharp end of an attack.

By my reckoning it’s better to have some experience of negotiating a ransomware payment in the safety of an online game, than having to learn on the job when your company gets hit for real. And if the FT‘s creative exploration of the topic helps more business people understand the seriousness of ransomware, then that has to be a good thing.

Now go on, try the game for yourself.

Found this article interesting? Follow Graham Cluley on Twitter, Mastodon, or Threads to read more of the exclusive content we post.

Graham Cluley •   @gcluley

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.