How to have fun negotiating with a ransomware gang

Graham Cluley
Graham Cluley
@[email protected]

How to have fun negotiating with a ransomware gang

Can negotiating your firm’s ransomware payment actually be fun?

Well, if it’s a game rather than the real thing then yes!

The inventive bods at the Financial Times have created an imaginative ransomware negotiation simulator which lets you imagine you’re in the hot seat at a hacked company, trying to stop cybercriminals from releasing sensitive data they have stolen from your systems.

Sign up to our free newsletter.
Security news, advice, and tips.

The simulation lets you imagine that you’re a pointy-headed boss at a successful pharmaceutical company in the United States. After a ransomware attack, the company’s day-to-day operations are severely disrupted, meaning that servers are down, products can’t ship, and employees aren’t being paid.


Ransomware game

The game then unfolds via a variety of multiple-choice questions, rather like an old-fashioned “Choose your own adventure” book.

When I played the game I managed to extend the negotiation for a few days longer than the hackers had planned, badgered down the ransom demand to a fraction of what the bad guys had initially demanded, before ultimately deciding not to pay them a penny.

Ransom negotiation

A few hours later, sensitive data about my imaginary company was apparently released on the dark web – but the shareholders were impressed that I refused to pay up.

The FT says that the simulation is based upon interviews with real-life ransomware negotiators, and conversations with security researchers and company executives who have been on the sharp end of an attack.

By my reckoning it’s better to have some experience of negotiating a ransomware payment in the safety of an online game, than having to learn on the job when your company gets hit for real. And if the FT‘s creative exploration of the topic helps more business people understand the seriousness of ransomware, then that has to be a good thing.

Now go on, try the game for yourself.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

2 comments on “How to have fun negotiating with a ransomware gang”

  1. hmmno

    When you say
    "it’s better to have some experience of negotiation a ransomware payment in the safety of an online game, then having to learn on the job"
    You really mean "better THAN".

    You spent so much time dealing with broken english criminals, you really look like one now.

    1. Graham CluleyGraham Cluley · in reply to hmmno

      I'll put my hands up for that.

      That is rather atrocious. Now fixed, hopefully.


What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.