Skip to main content

Tabletop Exercise for Ransomware Negotiations

  • Conference paper
  • First Online:
Augmented Cognition (HCII 2024)

Part of the book series: Lecture Notes in Computer Science ((LNAI,volume 14695))

Included in the following conference series:

  • 323 Accesses

Abstract

Ransomware has grown to become one of the most significant cyber threats to organizations worldwide. In the event of an attack, many victims choose to pay in order to restore their systems or prevent stolen data from being published or sold. If this decision is made, organizations should consider entering into negotiations with the attackers, as ransoms are often negotiable. It is important that relevant personnel are prepared for such negotiations. The aim of this work is to evaluate how Tabletop Exercises can be used to prepare for possible Ransomware Negotiations. A concept for Tabletop Exercises is developed, which is slightly adapted to the requirements of Ransomware Negotiation Training. The main modification involves the inclusion of an adversarial team in the exercise, representing the attackers or ransomware operators. This will provide participants with the opportunity to negotiate with an opponent who will react to their actions in a spontaneous and unpredictable manner. A basic model for designing a Tabletop Exercise in this format is provided, supplemented by an exemplary scenario for a Ransomware Negotiation Tabletop Exercise.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Angafor, G.N., Yevseyeva, I., He, Y.: Game-based learning: a review of tabletop exercises for cybersecurity incident response training. Secur. Priv. 3(6), e126 (2020). https://doi.org/10.1002/spy2.126. https://onlinelibrary.wiley.com/doi/abs/10.1002/spy2.126

  2. Boticiu, S., Teichmann, F.: How does one negotiate with ransomware attackers? Int. Cybersecur. Law Rev. (2023). https://doi.org/10.1365/s43439-023-00106-w

    Article  Google Scholar 

  3. Caporusso, N., Chea, S., Abukhaled, R.: A game-theoretical model of ransomware. In: Ahram, T.Z., Nicholson, D. (eds.) AHFE 2018, vol. 782, pp. 69–78. Springer, Heidelberg (2019). https://doi.org/10.1007/978-3-319-94782-2_7

    Chapter  Google Scholar 

  4. Cybersecurity & Infrastructure Security Agency: Cybersecurity tabletop exercise tips (2022). https://www.cisa.gov/sites/default/files/publications/Cybersecurity-Tabletop-Exercise-Tips_508c.pdf

  5. DFIR Research Group, Team Cymru: Analyzing ransomware negotiations with conti: an in-depth analysis (2022)

    Google Scholar 

  6. Formosa, P., Wilson, M., Richards, D.: A principlist framework for cybersecurity ethics. Comput. Secur. 109 (2021). https://doi.org/10.1016/j.cose.2021.102382. https://www.sciencedirect.com/science/article/pii/S0167404821002066

  7. German Federal Office for Information Security: Ransomware bedrohungslage 2022 (german) [ransomware threat situation 2022] (2022). https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Cyber-Sicherheit/Themen/Ransomware.pdf?__blob=publicationFile &v=5

  8. German Federal Office for Information Security: The state of it security in Germany in 2023 (2023). https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Securitysituation/IT-Security-Situation-in-Germany-2023.pdf?__blob=publicationFile &v=8

  9. Gobron, S.: Gamification & serious game. In: Symposium 2016, 4–5 July 2016 (2016). https://doi.org/10.26039/JHCK-PK54. http://arodes.hes-so.ch/record/4270

  10. Grance, T., Nolan, T., Burke, K., Dudley, R., White, G., Good, T.: Sp 800-84. guide to test, training, and exercise programs for it plans and capabilities (2006)

    Google Scholar 

  11. Hack, P., Wu, Z.Y.: “we wait, because we know you.” inside the ransomware negotiation economics (2021). https://research.nccgroup.com/2021/11/12/we-wait-because-we-know-you-inside-the-ransomware-negotiation-economics/

  12. Internet Crime Complaint Center (IC3): Internet crime report 2022 (2022). https://www.ic3.gov/Media/PDF/AnnualReport/2022_IC3Report.pdf

  13. Kremez, V., Farral, T.: How ransomware has become an ‘ethical’ dilemma in the eastern European underground (2017). https://flashpoint.io/blog/ransomware-ethical-dilemma-eastern-european-underground/

  14. Mierzwa, S., Drylie, J., Bogdan, D.: Ransomware incident preparations with ethical considerations and command system framework proposal. J. Leadership Accountabil. Ethics 19(2), 110–120 (2022). https://doi.org/10.33423/jlae.v19i2.5112

  15. Müller, L.: Tabletop exercise for ransomware negotiations (bachelor’s thesis, albstadt-sigmaringen university) (2024). https://www.researchgate.net/profile/Lea-Mueller-25

  16. Ottis, R.: Light weight tabletop exercise for cybersecurity education. J. Homel. Secur. Emerg. Manag. 11(4), 579–592 (2014). https://doi.org/10.1515/jhsem-2014-0031

    Article  Google Scholar 

  17. Ryan, P., Fokker, J., Healy, S., Amann, A.: Dynamics of targeted ransomware negotiation. IEEE Access 10, 32836–32844 (2022). https://doi.org/10.1109/ACCESS.2022.3160748

    Article  Google Scholar 

  18. Vakilinia, I., Khalili, M.M., Li, M.: A mechanism design approach to solve ransomware dilemmas. In: Bošanský, B., Gonzalez, C., Rass, S., Sinha, A. (eds.) Decision and Game Theory for Security, pp. 181–194. Springer, Cham (2021)

    Google Scholar 

  19. Wade, M.: Digital hostages: leveraging ransomware attacks in cyberspace. Bus. Horizons 64(6), 787–797 (2021). https://doi.org/10.1016/j.bushor.2021.07.014. https://www.sciencedirect.com/science/article/pii/S0007681321001373

Download references

Acknowledgement

The project funded under Grant Agreement No. 101127970 is supported by the European Cybersecurity Competence Centre.

This research resembles part of a thesis [15].

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Lea Müller .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Müller, L. (2024). Tabletop Exercise for Ransomware Negotiations. In: Schmorrow, D.D., Fidopiastis, C.M. (eds) Augmented Cognition. HCII 2024. Lecture Notes in Computer Science(), vol 14695. Springer, Cham. https://doi.org/10.1007/978-3-031-61572-6_12

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-61572-6_12

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-61571-9

  • Online ISBN: 978-3-031-61572-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics