Abstract
Ransomware has grown to become one of the most significant cyber threats to organizations worldwide. In the event of an attack, many victims choose to pay in order to restore their systems or prevent stolen data from being published or sold. If this decision is made, organizations should consider entering into negotiations with the attackers, as ransoms are often negotiable. It is important that relevant personnel are prepared for such negotiations. The aim of this work is to evaluate how Tabletop Exercises can be used to prepare for possible Ransomware Negotiations. A concept for Tabletop Exercises is developed, which is slightly adapted to the requirements of Ransomware Negotiation Training. The main modification involves the inclusion of an adversarial team in the exercise, representing the attackers or ransomware operators. This will provide participants with the opportunity to negotiate with an opponent who will react to their actions in a spontaneous and unpredictable manner. A basic model for designing a Tabletop Exercise in this format is provided, supplemented by an exemplary scenario for a Ransomware Negotiation Tabletop Exercise.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Angafor, G.N., Yevseyeva, I., He, Y.: Game-based learning: a review of tabletop exercises for cybersecurity incident response training. Secur. Priv. 3(6), e126 (2020). https://doi.org/10.1002/spy2.126. https://onlinelibrary.wiley.com/doi/abs/10.1002/spy2.126
Boticiu, S., Teichmann, F.: How does one negotiate with ransomware attackers? Int. Cybersecur. Law Rev. (2023). https://doi.org/10.1365/s43439-023-00106-w
Caporusso, N., Chea, S., Abukhaled, R.: A game-theoretical model of ransomware. In: Ahram, T.Z., Nicholson, D. (eds.) AHFE 2018, vol. 782, pp. 69–78. Springer, Heidelberg (2019). https://doi.org/10.1007/978-3-319-94782-2_7
Cybersecurity & Infrastructure Security Agency: Cybersecurity tabletop exercise tips (2022). https://www.cisa.gov/sites/default/files/publications/Cybersecurity-Tabletop-Exercise-Tips_508c.pdf
DFIR Research Group, Team Cymru: Analyzing ransomware negotiations with conti: an in-depth analysis (2022)
Formosa, P., Wilson, M., Richards, D.: A principlist framework for cybersecurity ethics. Comput. Secur. 109 (2021). https://doi.org/10.1016/j.cose.2021.102382. https://www.sciencedirect.com/science/article/pii/S0167404821002066
German Federal Office for Information Security: Ransomware bedrohungslage 2022 (german) [ransomware threat situation 2022] (2022). https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Cyber-Sicherheit/Themen/Ransomware.pdf?__blob=publicationFile &v=5
German Federal Office for Information Security: The state of it security in Germany in 2023 (2023). https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Securitysituation/IT-Security-Situation-in-Germany-2023.pdf?__blob=publicationFile &v=8
Gobron, S.: Gamification & serious game. In: Symposium 2016, 4–5 July 2016 (2016). https://doi.org/10.26039/JHCK-PK54. http://arodes.hes-so.ch/record/4270
Grance, T., Nolan, T., Burke, K., Dudley, R., White, G., Good, T.: Sp 800-84. guide to test, training, and exercise programs for it plans and capabilities (2006)
Hack, P., Wu, Z.Y.: “we wait, because we know you.” inside the ransomware negotiation economics (2021). https://research.nccgroup.com/2021/11/12/we-wait-because-we-know-you-inside-the-ransomware-negotiation-economics/
Internet Crime Complaint Center (IC3): Internet crime report 2022 (2022). https://www.ic3.gov/Media/PDF/AnnualReport/2022_IC3Report.pdf
Kremez, V., Farral, T.: How ransomware has become an ‘ethical’ dilemma in the eastern European underground (2017). https://flashpoint.io/blog/ransomware-ethical-dilemma-eastern-european-underground/
Mierzwa, S., Drylie, J., Bogdan, D.: Ransomware incident preparations with ethical considerations and command system framework proposal. J. Leadership Accountabil. Ethics 19(2), 110–120 (2022). https://doi.org/10.33423/jlae.v19i2.5112
Müller, L.: Tabletop exercise for ransomware negotiations (bachelor’s thesis, albstadt-sigmaringen university) (2024). https://www.researchgate.net/profile/Lea-Mueller-25
Ottis, R.: Light weight tabletop exercise for cybersecurity education. J. Homel. Secur. Emerg. Manag. 11(4), 579–592 (2014). https://doi.org/10.1515/jhsem-2014-0031
Ryan, P., Fokker, J., Healy, S., Amann, A.: Dynamics of targeted ransomware negotiation. IEEE Access 10, 32836–32844 (2022). https://doi.org/10.1109/ACCESS.2022.3160748
Vakilinia, I., Khalili, M.M., Li, M.: A mechanism design approach to solve ransomware dilemmas. In: Bošanský, B., Gonzalez, C., Rass, S., Sinha, A. (eds.) Decision and Game Theory for Security, pp. 181–194. Springer, Cham (2021)
Wade, M.: Digital hostages: leveraging ransomware attacks in cyberspace. Bus. Horizons 64(6), 787–797 (2021). https://doi.org/10.1016/j.bushor.2021.07.014. https://www.sciencedirect.com/science/article/pii/S0007681321001373
Acknowledgement
The project funded under Grant Agreement No. 101127970 is supported by the European Cybersecurity Competence Centre.
This research resembles part of a thesis [15].
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Müller, L. (2024). Tabletop Exercise for Ransomware Negotiations. In: Schmorrow, D.D., Fidopiastis, C.M. (eds) Augmented Cognition. HCII 2024. Lecture Notes in Computer Science(), vol 14695. Springer, Cham. https://doi.org/10.1007/978-3-031-61572-6_12
Download citation
DOI: https://doi.org/10.1007/978-3-031-61572-6_12
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-61571-9
Online ISBN: 978-3-031-61572-6
eBook Packages: Computer ScienceComputer Science (R0)